Generating CSR for SSL certificate on a Linux server
Posted by on 2016-09-29 13:59

In this guide we will use openssl to generate a Certificate Signing Request, and a certificate key.

The first thing you need to do is make sure you have openssl installed on its server. If you have not, you can install it via:

sudo apt-get install openssl



Then you run the following string (replace test against its own domain)

openssl req -new -newkey RSA 2048 -nodes -out www_test_com.csr -keyout www_test_com.key


After you run the command, you need to enter information that will be in the certificate. One example can be as follows:

Generating a 2048 bit RSA private key
.......... +++
.................................................. .......... +++
writing new private key to 'www_test_com.key'
You are about to be asked to enter information thatwill be incorporated
intoyour Certificate Request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', The field will be left blank.
Country Name (2 letter code) [AU]: SE
State or Province Name (full name) [Some-State]: Blekinge
Locality Name (eg, city) []: Karlskrona
Organization Name (eg, company) [Internet Widgit symbol Pty Ltd]: City Network
Organizational Unit Name (eg, section) []: IT
Common Name (e.g server FQDN or your name) []:
Email Address []:

Please enter The Following 'extra' attributes
to be sent with your certificate request
A password challenge []:
An optional company name []:

Please note that the Common Name is the name of the domain so it's important to get it right. If you register domain names through us, without "www" are included, if you order with "www" in the domain name.

Optional attributes are recommended to leave empty. If you fill in a challenge password you need to enter a password each time you start apache.