How to Generate a CSR using OpenSSL
Generating CSR From OpenSSL Pre-Conditions
Linux servers come with openssl as standard. You do not need to install anything before running this command. Just go to the shell and type the below.
If you have two domains, namely my-new-domain-name.com and my-new-domain-name.co.uk, use everything before the first dot (my-new-domain-name) when naming the .key and .csr files. NO DOTS IN DOMAIN NAMES is the rule of thumb.
The generate CSR openssl command
Go to your Linux home folder (just type “cd” anywhere and Linux takes you there).
openssl req -new -newkey rsa:2048 -nodes -keyout my-new-domain-name.key -out my-new-domain-name.csr
Now openssl becomes “interactive”. From here you need to
- Refer to the tips on how to answer the questions
- Set and “remember” a password
- See that 2 files are created in your present directory
- Upload the CSR as directed by the signing authority
- Re-enter the password you set if and when asked
OpenSSL Sample Command
Just answer the questions (see the tips below)
openssl req -new -newkey rsa:2048 -nodes -keyout build-business-websites.key -out build-business-websites.csr
Distinguished Name (DN)
The process of entering a Distinguished Name (DN) is as
Generating a 2048 bit RSA private key
unable to write 'random state'
writing new private key to <=your-domain-b4-the-dot=>.key
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Gt London
Locality Name (eg, city):London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Carbon Copy Mathematics
Organizational Unit Name (eg, section) :Math Education Services
Common Name (e.g. server FQDN or YOUR name) :Apollo Akora
Email Address :email@example.com
Please enter the following extra attributes
to be sent with your certificate request
A challenge password:<== Enter A Dot Then Press Return ==>
An optional company name :Carbon Copy Mathematics
Notes on generating a 2048 bit RSA Private Key
- You will be asked to enter information to be incorporated into your certificate
- You will enter a Distinguished Name (aka DN)
- Avoid entering a passphrase as this stalls the Apache2 restart
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value
- If you enter '.', the field will be left blank
- The name and address details should be tackled with care
OpenSSL CSR Request Observable Value
If you have executed the above accurately and you enter the command
ls -lah
you should see a .csr file and your private key in the .key file. Well Done!
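Beyond seeing the two files with ls, you can check that the CSR and the key actually belong together and that the unencrypted key (-nodes) is readable only by you. The shell functions below are an added example, not part of the original page; the script name check_csr.sh and the DN values passed to -subj are constructed, and -subj is used to supply the DN without the interactive prompts.

```shell
#!/bin/sh
# Added example (not from the original page). The script name check_csr.sh
# and any DN values passed to new_csr are constructed sample values.

# new_csr BASENAME SUBJECT: same request as the page's command, but the DN
# is passed with -subj so no interactive prompts appear. Runs in a subshell
# with umask 077 because -nodes writes the private key unencrypted.
new_csr() (
    umask 077
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1.key" -out "$1.csr" -subj "$2" >/dev/null 2>&1
)

# csr_matches_key CSR KEY: succeeds only if the CSR's self-signature
# verifies and its public key equals the one derived from KEY.
csr_matches_key() {
    # Match on the message text: older openssl builds exit 0 even when
    # the signature check fails.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# key_is_private KEY: succeeds if group and others have no permissions
# on the key file (mode string ends in "------").
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Usage: sh check_csr.sh my-new-domain-name.csr my-new-domain-name.key
if [ "$#" -eq 2 ]; then
    if csr_matches_key "$1" "$2" && key_is_private "$2"; then
        echo "CSR and key match; key is owner-only"
    else
        echo "check failed: mismatched pair or key readable by others" >&2
        exit 1
    fi
fi
```

Run the check before uploading the CSR; if it fails on permissions, chmod 600 the .key file.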