OpenSSL is a common utility used to generate a pair of private key and public Certificate Signing Request (CSR) for Apache web servers. In this tutorial, we will describe the steps to generate a Certificate Signing (CSR) from Apache 2.x web server.
- Login to your Linux machine via SSH and type the following command. While issuing the command, don't forget to replace your-domain-name with your actual domain name.
openssl req -new -newkey rsa:2048 -nodes -keyout your-domain-name.key -out your-domain-name.csr
- This command will generate two files, Private-Key file for the decryption of the SSL Certificate and Certificate Signing Request (CSR) file. You will now be asked to enter following information to generate the CSR key.
- Common Name: Enter the Fully Qualified Domain Name of your website. When you generate a CSR key for Wildcard SSL, common name must start with * (asterisk). For Example, *.your-domain-name.com.
- Organization: Enter the legal/registered name of your organization.
- Organization Unit: Enter exact section of your organization, if applicable.
- City or Locality: Enter name of the city where your organization is registered. Do not abbreviate it.
- State or Province: Enter name of the state or province where your company is located. Do not abbreviate it.
- Country: Enter two letter ISO (International Organization for Standardization) abbreviation for your country.
- Once the necessary information is filled up, you will get your-domain-name.csr and your-domain-name.key files in the folder where the command was run. Open your-domain-name.csr file with a text-editor. Copy CSR key and paste in SSL certificate request page. Similarly, open your-domain-name.key file to get a private key.