Generating CSR for SSL Certificate

Generating Certificate Signing Request is essentially the first step towards installing SSL certificate. This post is about generating a CSR using Openssl on Linux system.

Prerequisites

You need openssl installed on your system, depending on your distribution you can install openssl from the package manager of compile it from the source.

Generate a Key

Generate a RSA key for Apache server and store it in some arbitrary spot, does not matter where you store the key, but make sure the key is accessible by user account running Apache.

$mkdir -p ~/mylocation/ssl/

$cd ~/mylocation/ssl

$openssl genrsa -out domainname.com.key 2048

Replace domainname with appropriate key name.

Generate CSR

Generate the csr using the key and enter appropriate information for the certificates. When you are asked for FQDN or Common name enter your fully accessible domain name and remember the server using this later generated certificate should be able to resolve this FQDN as servername. Leave the challenge passphrase empty, or you can enter create one. Save this passphrase for future, this will be required whenever you want to reload the ssl certificate.

$ openssl req -new -key domainname.com.key -out domainname.com.csr

This will generate a csr file. Submit this CSR file to your SSL provider and obtain SSL certificate. Replace the domainname with appropriate names.

Verify the CSR

You can verify the generated csr file to check if the csr file is valid or not.

$openssl req -noout -text -in domainname.com.csr

This should show content of the csr file.

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s