Yikes! This post is over a year old!
If you think it deserves a rewrite please get in touch or leave a comment.
— Thanks, Ash.
What is a CSR?
A CSR, or Certificate Signing Request, is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It contains information that will be included in the certificate, such as the organization name, common name (domain name), locality, and country. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair.
Generate the files using openssl
The following instructions assume you have openssl installed on your system and you’re logged in as a user with Administrator privileges.
Next, run the following openssl command to generate the CSR and private key files (substitute domain.com for the domain you input when purchasing the certificate):
openssl req -new -nodes -newkey rsa:2048 -out /tmp/domain.com.csr.txt -keyout /tmp/domain.com.key.txt
Input the information for the Certificate Signing Request. This information will be displayed in the certificate and should be accurately represented.
Please note: The following characters cannot be accepted: < > ~ ! @ # $ % ^ / \ ( ) ?.,&
If you want to set a challenge passphrase when creating your private key, you must ensure that your web server is configured with the appropriate passphrase, otherwise your website will not be able to make use of it. Since keeping that passphrase stored in the filesystem of the web server would defeat the point of the passphrase, I typically do not recommend including one.
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [GX Networks Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
A challenge password []:
An optional company name []:
You can now copy the files to your Desktop by using:
cp /tmp/domain.com{.key,.csr}.txt ~/Desktop
Saving the private.key
Keep the Private Key safe and treat it like a password. When you are ready to install your certificate onto your web server you’ll also need to include your private key with it.
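The script below is an added example, not part of the original post: it runs the same openssl req command non-interactively, keeps the key file readable by its owner only, and confirms before submission that the CSR's signature is valid and that it carries the public key of the saved private key. The function names, the subject values (GB, Some-State, Some-City, Example Ltd) and the output directory are assumptions to replace with your own.

```bash
#!/usr/bin/env bash
# Added example: generate the key pair and CSR, then check them before
# sending the CSR to the Certificate Authority.
# Usage (placeholder values):
#   make_csr domain.com ~/certs
#   check_csr ~/certs/domain.com.csr.txt ~/certs/domain.com.key.txt

# make_csr DOMAIN OUTDIR
# Writes OUTDIR/DOMAIN.csr.txt and OUTDIR/DOMAIN.key.txt.
make_csr() {
    (
        csr_domain=$1
        csr_outdir=$2
        # Private directory and key file: no access for group or others.
        umask 077
        mkdir -p "$csr_outdir" || exit 1
        # -subj answers the prompts up front; the values are placeholders.
        openssl req -new -nodes -newkey rsa:2048 \
            -subj "/C=GB/ST=Some-State/L=Some-City/O=Example Ltd/CN=$csr_domain" \
            -out "$csr_outdir/$csr_domain.csr.txt" \
            -keyout "$csr_outdir/$csr_domain.key.txt" 2>/dev/null
    )
}

# check_csr CSR_FILE KEY_FILE
# Returns 0 only if the CSR's self-signature verifies and the public key
# inside the CSR is the one derived from the private key file.
check_csr() {
    chk_csr=$1
    chk_key=$2
    # The "verify OK" text is matched because older openssl releases
    # exit 0 even when the signature check fails.
    openssl req -in "$chk_csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || return 1
    csr_pub=$(openssl req -in "$chk_csr" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$chk_key" -pubout | openssl sha256)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# show_csr CSR_FILE
# Prints the subject so the fields can be reviewed for typos.
show_csr() {
    openssl req -in "$1" -noout -subject
}
```

A failed check_csr usually means the CSR was paired with the wrong key file; regenerate both rather than submitting it.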