Generating a Certificate Signing Request (CSR) is a critical step when setting up SSL for a web server. OpenSSL is a widely used command-line toolkit for this purpose. It helps generate a private key and CSR file, which you can then submit to a Certificate Authority (CA) to obtain an SSL certificate.

This guide explains how to generate a CSR for an Apache 2.x web server on a Linux system.

Step 1: Log in to your Linux server via SSH.

Use your terminal or SSH client to connect to the server where the certificate will be installed.

Step 2: Run the OpenSSL command to generate the CSR and private key.
# openssl req -new -newkey rsa:2048 -nodes -keyout your-domain-name.key -out your-domain-name.csr

Replace your-domain-name with your actual domain (e.g., example.com).

This command will generate:

  • A private key file: your-domain-name.key
  • A certificate signing request file: your-domain-name.csr

Step 3: Enter the required details when prompted:

You’ll be asked to provide the following information:

  • Common Name: The fully qualified domain name (FQDN) for your website.
     For Wildcard SSL, prefix with an asterisk (e.g., *.your-domain.com).
  • Organization: Your legal organization name.
  • Organizational Unit: Department or division (optional).
  • City or Locality: Full name of your city (no abbreviations).
  • State or Province: Full name of your state or province (no abbreviations).
  • Country: Two-letter ISO country code (e.g., US, IN).

Step 4: Locate the generated files.

Both .csr and .key files will be created in the directory where the command was executed.

Step 5: Open the .csr file using a text editor.
# nano your-domain-name.csr

Copy the full contents of the CSR file, including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines.

Step 6: Submit the CSR to your Certificate Authority (CA).

Paste the copied content into your CA’s SSL certificate request form.

Step 7: Open the .key file to view or store the private key.
# nano your-domain-name.key

Keep this file secure—it’s required to install the SSL certificate and should not be shared publicly.

Conclusion:

Using OpenSSL to generate a CSR and private key is a straightforward but essential step in securing your web application. Ensure the domain details you enter are accurate, and always keep your private key safe. Once you've submitted your CSR to the CA, you'll receive the SSL certificate required to secure your Apache server.

Get Linux VPS Hosting »
Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How To Configure the Apache Web Server on an Ubuntu or Debian VPS

Apache is one of the internet's most favoured web servers, serving over half of all active...
Locations of Common Log Files and Configuration Files for cPanel Services

This article covers the configuration files and the log file locations of the most common cPanel...
Fix: Exim error-exim dead but subsys locked

The error “Exim dead but subsys locked” is a common message on Linux servers that use Exim as the...
How to Sync Time using NTP in the Ubuntu Server?

Linux server users might notice that even after manually setting the correct system time, it...
How to Install NodeBB on a CentOS or AlmaLinux?

NodeBB is an open-source and powerful forum software based on Node.js. It is a very easy-to-use,...