Search Support
contact us

Let Us Make it Easy for You. Call 1-877-898-3290 for MyTime Support™. Learn More

Generating a Certificate Signing Request or CSR Topics

Article Rating: 3 / 5 Votes: 54

CSR for Apache (with mod_ssl) & OpenSSL

Generating a Certificate Signing Request (CSR) using Apache (with mod_ssl) & OpenSSL

To generate your CSR, you will need to log in to your server and use the OpenSSL software to generate a CSR and private key.

1.      in Logto your server, and enter the following command:

openssl req -nodes -newkey rsa:2048 -sha256 -keyout myserver.key -out server.csr

This will generate two files: a CSR called 'server.csr' and a 2048-bit private key called 'myserver.key'.

2.     2. You will be prompted to enter some information for your CSR:


Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: Yorks
Locality Name (eg, city) []: York
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: mysubdomain.mydomain.com
Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []: 
An optional company name []:

The 'CN' field (Common Name) is where you should enter the fully qualified domain name of the website you require the certificate for. 
Note: for wildcard certificates, the Common Name should be in the format: *.mydomain.com

3.     3. Your CSR is now generated. Open the 'server.csr' file with a text-editor and copy and paste the contents into the enrollment form when requested.

 

Notes:
The 'myserver.key' file should be kept secure (e.g. readable only by root on linux systems).

Removing the '-nodes' option from the openssl command will request a password and encrypt the private key. This can increase security, but note that the password will be required each time Apache is restarted.

The two-letter 'Country Name' field must be the ISO-3166 standard country code. Please note that 'GB' is correct for Great Britain, not 'UK'. A complete list can be found here: http://www.iso.org/iso/country_codes.htm