How to generate CSR and key for SSL certificate?
What is a CSR?
A CSR (Certificate Signing Request) is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair.
A certificate authority will use a CSR to create an SSL certificate, but it does not need the private key. The certificate created with a particular CSR will only work with the private key that was generated with it.
What is included in a CSR?
- Common Name (CN): The fully qualified domain name (FQDN) of your server.
Example: *.example.com or www.example.com
- Organization (O): The legal name of your organization. Do not abbreviate it, and include any suffixes, such as Inc., Corp., or LLC.
Example: Team8solutions LLC.
- Organizational Unit (OU): The division of your organization handling the certificate.
Example: Information Technology
- City/Locality (L): The city where your organization is located.
Example: Southlake
- State/County/Region (S): The state/region where your organization is located.
Example: Texas
- Country (C): The two-letter ISO code for the country where your organization is located.
Example: US
- Email Address: An email address used to contact your organization.
- Public Key: The public key that will go into the certificate. The public key is created automatically
How do I create a Certificate Signing Request (CSR)?
Steps:
- Log in to your server’s terminal (SSH).
- At the prompt, type the following command:
openssl req -newkey rsa:2048 -nodes -keyout domainname.key -out domainname.csr
- Enter the requested information:
Country Name (2 letter code) []:***
State or Province Name (full name) []:***
Locality Name (eg, city) []:***
Organization Name (eg, company) []:***
Organizational Unit Name (eg, section) []:***
Common Name (eg, fully qualified host name) []:***
Email Address []:***
A challenge password []:***
The above command generates a CSR file (domainname.csr) and a private key (domainname.key). Keep the private key in a safe place: it must be used together with the certificate that is generated from the CSR.
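
A non-interactive variant of the procedure above, with the checks worth running before the CSR goes to the Certificate Authority. This is an added example, not part of the original article: it assumes a POSIX shell with the openssl command-line tool, the function names and temporary directory are constructed for the demonstration, and the subject reuses the article's sample values.

```shell
#!/bin/sh
# Added example. Subject values reuse the article's samples; function names and
# the temporary directory are constructed for the demonstration.

# generate_csr BASENAME SUBJECT: same command as above, but -subj supplies the
# fields so nothing is prompted. -nodes leaves the key unencrypted on disk, so
# umask 077 makes sure the file is created readable by its owner only.
generate_csr() {
    ( umask 077 && openssl req -newkey rsa:2048 -nodes \
        -keyout "$1.key" -out "$1.csr" -subj "$2" ) >/dev/null 2>&1
}

# csr_is_valid BASENAME: the CSR is signed with the private key; check that
# signature before sending the file to the CA.
csr_is_valid() {
    openssl req -in "$1.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

# key_matches_csr BASENAME: compare the public key derived from the private
# key with the public key embedded in the CSR.
key_matches_csr() {
    key_pub=$(openssl pkey -in "$1.key" -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$1.csr" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# key_is_owner_only BASENAME: true when group and others have no permissions.
key_is_owner_only() {
    [ "$(ls -l "$1.key" | cut -c5-10)" = "------" ]
}

# Demonstration in a throwaway directory (constructed paths).
workdir=$(mktemp -d)
base="$workdir/domainname"
generate_csr "$base" "/C=US/ST=Texas/L=Southlake/O=Team8solutions LLC/OU=Information Technology/CN=www.example.com"
csr_is_valid "$base"      && echo "CSR signature verifies"
key_matches_csr "$base"   && echo "CSR public key matches domainname.key"
key_is_owner_only "$base" && echo "domainname.key is owner-only"
rm -rf "$workdir"
```

The same `key_matches_csr` comparison is useful later, when several key and CSR files have accumulated on a server and it is unclear which key belongs to which request.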