Important: This article applies to customers with SSL services only.
To generate your CSR, you will need to log into your server and use the OpenSSL software to generate a CSR and private key.
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
This creates two files:
- CSR called server.csr
- The file myserver.key contains a private key.
- Do not disclose this file to anyone.
| Field | Example |
|---|---|
| Country Name (2-letter code) [AU] | GB |
| State or Province Name (full name) [Some-State] | Yorks |
| Locality Name (city) [] | York |
| Organization Name (company) [Internet Widgits Pty Ltd]: | MyCompany Ltd |
| Organizational Unit Name (section) [ ] | IT |
| Common Name (domain name of website) [ ] | mysubdomain.mydomain.com |
| Email Address [ ] | help@webmailhelp.com |
- A challenge password
- An optional company name
- The CN field or Common Name is where you should enter the fully qualified domain name of the website, which requires the certificate
Note: For wildcard certificates, the Common Name should be in the format: mydomain.com. The fields email address, optional company name and challenge password can be left blank for a web server certificate.
-subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"
Note: If the "-nodes" is inputted, the key will not be encrypted with a DES pass phrase.
The myserver.key file should be kept secure, such as readable only by root on Linux systems. Removing the -nodes option from the openssl command will request a password and encrypt the private key. This can increase security, but note that the password will be required each time Apache is restarted.