Important: This article applies to customers with SSL services only.
To generate your CSR, log in to your server and use OpenSSL to create a CSR and private key:
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
This creates two files:
- server.csr: the CSR.
- myserver.key: the private key. Do not disclose this file to anyone.
|Prompt|Example value|
|---|---|
|Country Name (2-letter code) [AU]|GB|
|State or Province Name (full name) [Some-State]|Yorks|
|Locality Name (city)|York|
|Organization Name (company) [Internet Widgits Pty Ltd]|MyCompany Ltd|
|Organizational Unit Name (section) [ ]|IT|
|Common Name (domain name of website) [ ]|mysubdomain.mydomain.com|
|Email Address [ ]|email@example.com|
- A challenge password
- An optional company name
- The CN field, or Common Name, is where you should enter the fully qualified domain name of the website that requires the certificate.
Note: For wildcard certificates, the Common Name should be in the format: *.mydomain.com. The email address, optional company name and challenge password fields can be left blank for a web server certificate.
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr -subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"
Note: If the -nodes option is specified, the key will not be encrypted with a DES pass phrase.
The myserver.key file should be kept secure, for example by making it readable only by root on Linux systems. Removing the -nodes option from the openssl command makes OpenSSL prompt for a password and encrypt the private key. This can increase security, but note that the password will then be required each time Apache is restarted.
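The following script is an added example, not part of the original article: it runs the -subj form of the command with a restrictive umask, then checks the key's permissions, the CSR's self-signature, and that the CSR was built from the intended private key. The function names are illustrative; the file names and subject are the article's sample values.

```shell
#!/bin/sh
# Added example, not part of the original article. Function names are
# illustrative; file names and subject are the article's sample values.

# generate_csr KEYFILE CSRFILE SUBJECT
# Non-interactive form of the article's command. The subshell's umask 077
# means the unencrypted key is created owner-only (mode 0600) from the start.
generate_csr() (
    umask 077
    openssl req -nodes -newkey rsa:2048 -keyout "$1" -out "$2" -subj "$3"
)

# key_mode FILE: prints the permission string, e.g. "-rw-------".
key_mode() {
    ls -l "$1" | cut -c1-10
}

# csr_self_signature_ok CSRFILE: succeeds if the CSR's signature verifies,
# i.e. the request was not corrupted or altered after it was signed.
csr_self_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key KEYFILE CSRFILE: succeeds only if the public key embedded
# in the CSR is the one derived from the private key. Only public halves are
# compared, so nothing secret is printed.
csr_matches_key() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# Demo in a throwaway directory so no real key is overwritten.
demo() {
    dir=$(mktemp -d) || return 1
    generate_csr "$dir/myserver.key" "$dir/server.csr" \
        "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com" || return 1
    echo "key permissions: $(key_mode "$dir/myserver.key")"
    csr_self_signature_ok "$dir/server.csr" && echo "CSR signature: OK"
    csr_matches_key "$dir/myserver.key" "$dir/server.csr" && echo "CSR matches key: yes"
    openssl req -in "$dir/server.csr" -noout -subject
    rm -rf "$dir"
}
demo
```

Running csr_matches_key before submitting the CSR catches the common mistake of pairing a request with a key from an earlier attempt.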