To generate your CSR, you will need to log into your server and use the OpenSSL software to generate a CSR and private key.
- 1. Log into your server and enter the following command:
- openssl req -nodes -newkey rsa:2048 -sha1 -keyout myserver.key -out server.csr
- This will generate two files:
- CSR called server.csr
- 2048-bit private key called myserver.key
- 2. You will be prompted to enter some information for your CSR:
| Field | Example |
| --- | --- |
| Country Name (2-letter code) [AU] | GB |
| State or Province Name (full name) [Some-State] | Yorks |
| Locality Name (city) [] | York |
| Organization Name (company) [Internet Widgits Pty Ltd]: | MyCompany Ltd |
| Organizational Unit Name (section) [ ] | IT |
| Common Name (domain name of website) [ ] | mysubdomain.mydomain.com |
| Email Address [ ] | help@webmailhelp.com |

- Please also enter the following extra attributes to be sent with your certificate request:
- A challenge password [ ]
- An optional company name [ ]
- The CN field, or Common Name, is where you should enter the fully qualified domain name of the website that requires the certificate.
Note: For wildcard certificates, the Common Name should be in the format *.mydomain.com.
- 3. Your CSR is now generated.
- Open the server.csr file with a text editor and copy and paste the contents into the enrollment form when requested.
- You have generated your CSR for Apache with mod_ssl and OpenSSL.
Note: The myserver.key file should be kept secure, for example readable only by root on Linux systems. Removing the -nodes option from the openssl command will request a password and encrypt the private key. This can increase security, but note that the password will be required each time Apache is restarted.
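
The procedure above as a non-interactive script, followed by the checks worth running before the CSR is pasted into the enrollment form. This is an added example, not part of the original page: the function names and the script name csr_check.sh are hypothetical, the subject uses the sample values from step 2, and it signs with SHA-256 rather than the -sha1 shown in step 1.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Subject values are the sample answers from the table in step 2.
SUBJ="/C=GB/ST=Yorks/L=York/O=MyCompany Ltd/OU=IT/CN=mysubdomain.mydomain.com"

# make_csr KEYFILE CSRFILE
# Same command as step 1, but answered via -subj and signed with SHA-256.
# umask 077 means the key file never exists with group/other access.
make_csr() {
    ( umask 077
      openssl req -nodes -newkey rsa:2048 -sha256 -subj "$SUBJ" \
          -keyout "$1" -out "$2" 2>/dev/null )
}

# csr_matches_key KEYFILE CSRFILE
# True only if the CSR's self-signature verifies AND the public key inside
# the CSR is the one derived from the private key kept on the server.
csr_matches_key() {
    openssl req -in "$2" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# csr_sigalg CSRFILE: signature algorithm recorded in the CSR.
csr_sigalg() {
    openssl req -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# key_mode KEYFILE: permission string of the key file, e.g. -rw-------
key_mode() {
    ls -l "$1" | cut -c1-10
}

# Run as: sh csr_check.sh run   (writes myserver.key and server.csr here)
if [ "${1:-}" = "run" ]; then
    make_csr myserver.key server.csr &&
    csr_matches_key myserver.key server.csr &&
    echo "CSR ok: $(csr_sigalg server.csr), key mode $(key_mode myserver.key)"
fi
```

The key comparison catches the common mistake of submitting a CSR whose private key has since been overwritten by a second run of the command.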