Views:

To generate your CSR, you will need to log into your server and use the OpenSSL software to generate a CSR and private key.

  1. 1. Log into your server and enter the following command:
  2. openssl req -nodes -newkey rsa:2048 -sha1 -keyout myser.key -out server.csr
  3. This will generate two files:
    • CSR called server.csr
    • 2048-bit private key called myserver.key
  4. 2. You will be prompted to enter some information for your CSR:
  5. FieldExample
    Country Name (2-letter code) [AU]GB
    State or Province Name (full name) [Some-State]Yorks
    Locality Name (city) []York
    Organization Name (company) [Internet Widgits Pty Ltd]:MyCompany Ltd
    Organizational Unit Name (section) [ ]IT
    Common Name (domain name of website) [ ]mysubdomain.mydomain.com
    Email Address [ ]help@webmailhelp.com
  6. Please also enter the following extra attributes to be sent with your certificate request:
    • A challenge password [ ]
    • An optional company name [ ]
    • The CN field or Common Name is where you should enter the fully qualified domain name of the website, which requires the certificate.
  7. Note: For wildcard certificates, the Common Name should be in the format *.mydomain.com.

  8. 3. Your CSR is now generated.
  9. Open the server.csr file with a text-editor and copy and paste the contents into the enrollment form when requested.
  10. You have generated your CSR for Apache with mod_ssl and OpenSSL.
  11. Note: The myserver.key file should be kept secure, such as readable only by root on Linux systems. Removing the -nodes option from the openssl command will request a password and encrypt the private key. This can increase security, but note that the password will be required each time Apache is restarted.