How to generate CSR and key for SSL certificate?

Hemanth M Gowda
Mar 8, 2021

What is a CSR?

A CSR (Certificate Signing Request) is a block of encoded text that is given to a Certificate Authority when applying for an SSL certificate. It also contains the public key that will be included in the certificate. A private key is usually created at the same time as the CSR, making a key pair.

A certificate authority will use a CSR to create an SSL certificate, but it does not need the private key. The certificate created with a particular CSR will only work with the private key that was generated with it.

What is included in a CSR?

  • Common Name(CN): The fully qualified domain name (FQDN) of your server.
    Example: *.example.com or www.example.com
  • Organization(O): The legal name of your organization. Do not abbreviate it, and include any suffixes, such as Inc., Corp., or LLC.
    Example: Team8solutions LLC.
  • Organizational Unit(OU): The division of your organization handling the certificate.
    Example: Information Technology
  • City/Locality(L): The city where your organization is located.
    Example: Southlake
  • State/County/Region(S): The state/region where your organization is located.
    Example: Texas
  • Country(C): The two-letter ISO code for the country where your organization is located.
    Example: US
  • Email Address: An email address used to contact your organization.
  • Public Key: The public key that will go into the certificate. The public key is created automatically.

How do I create a Certificate Signing Request (CSR)?

Steps:

  1. Log in to your server’s terminal (SSH).
  2. At the prompt, type the following command:
    openssl req -newkey rsa:2048 -nodes -keyout domainname.key -out domainname.csr
  3. Enter the requested information:
    Country Name (2 letter code) []:***
    State or Province Name (full name) []:***
    Locality Name (eg, city) []:***
    Organization Name (eg, company) []:***
    Organizational Unit Name (eg, section) []:***
    Common Name (eg, fully qualified host name) []:***
    Email Address []:***
    A challenge password []:***

The above command generates a CSR file (domainname.csr) and a private key (domainname.key). Keep the private key in a safe place: it is required alongside the certificate that is generated from the CSR.
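The same steps scripted, as an added example that is not the author's code: it supplies the subject with `-subj` instead of the prompts, keeps the key file owner-only, and checks that the CSR's public key belongs to the private key, which is what ties the issued certificate to that key. The function names are assumptions, and the demo subject reuses the article's sample values.

```shell
#!/usr/bin/env bash
# Added example: non-interactive CSR generation plus a CSR/key match check.

# gen_csr <basename> <subject>: write <basename>.key and <basename>.csr.
gen_csr() {
  local name=$1 subj=$2
  # Subshell with umask 077 so the private key is never group/world readable.
  ( umask 077
    openssl req -newkey rsa:2048 -nodes \
      -keyout "$name.key" -out "$name.csr" -subj "$subj" 2>/dev/null )
}

# csr_matches_key <csr> <key>: succeed only if the CSR's self-signature
# verifies and its embedded public key is the one derived from <key>.
csr_matches_key() {
  local csr=$1 key=$2 from_csr from_key
  # Match on the message: older OpenSSL builds exit 0 even on verify failure.
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
  from_csr=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
  from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# Demo with constructed values: run the script with "demo" as its argument.
if [ "${1:-}" = "demo" ]; then
  subj="/C=US/ST=Texas/L=Southlake/O=Team8solutions LLC"
  subj="$subj/OU=Information Technology/CN=www.example.com"
  gen_csr domainname "$subj" || exit 1
  if csr_matches_key domainname.csr domainname.key; then
    echo "domainname.csr was generated from domainname.key"
  else
    echo "CSR and key do not match" >&2
    exit 1
  fi
  # Show what the CA will see before submitting the CSR.
  openssl req -in domainname.csr -noout -subject
fi
```

Run `csr_matches_key` before submitting a CSR whenever the key and CSR files have been copied or renamed, since a certificate issued for a CSR cannot be used with any other key.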
