Support Desk

Generate a CSR for Apache with OpenSSL

  1. Login to your server via secure SSH terminal.
  2. Create an RSA private key. Run this command.
    $ openssl genrsa -out server.key 2048​
  3. Create a Certificate Signing Request (CSR) using the private key created in the previous step. Run this command. 
    $ openssl req -new -key server.key -out server.csr​
  4. Enter information that will be included in your Certificate Signing Request (CSR).

    Country Name: Two uppercase letters only (United Kingdom, use GB not UK). The country where your company is legally located. State or Province Name:
    The state/province where your company is legally located. Do not abbreviate. (e.g., California) Locality Name:
    The city where your company is legally located. Organization Name: Your company’s legally registered name (e.g., YourCompany, Inc.). Organizational Unit Name: The name of your department within the organization. Examples: "IT", "Web Sales", or simply leave blank. Common name: The fully-qualified domain name (FQDN) (e.g., www.example.com or *.example.com for wildcard certs). Email Address: Leave it blank by hitting Enter. A challenge password: Leave it blank by hitting Enter. An optional company name: Leave it blank by hitting Enter.
    Note: The following characters should not be used in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &
    • Run the Linux list (ls) command to see the two new files created: server.key & server.csr.

      $ ls
      server.csr server.key
    • To view the contents of the server.csr file run the linux cat command. Copy the entire contents of the file including the BEGIN and END lines and paste the contents into the form when enrolling for the certificate.
      $ cat server.csr​

      Example CSR file contents
    • Save your server.key private key file. You will need it later when your certificate is issued and installed on your server.

      DO NOT share your private key with anyone, not even us.

    Install SSL Certificate on Apache 2

    Additional Resources