Generate a CSR for Apache with OpenSSL
- Login to your server via secure SSH terminal.
- Create an RSA private key. Run this command.
$ openssl genrsa -out server.key 2048
- Create a Certificate Signing Request (CSR) using the private key created in the previous step. Run this command.
$ openssl req -new -key server.key -out server.csr
Enter information that will be included in your Certificate Signing Request (CSR).Country Name: Two uppercase letters only (United Kingdom, use GB not UK). The country where your company is legally located. State or Province Name:
The state/province where your company is legally located. Do not abbreviate. (e.g., California) Locality Name:
The city where your company is legally located. Organization Name: Your company’s legally registered name (e.g., YourCompany, Inc.). Organizational Unit Name: The name of your department within the organization. Examples: "IT", "Web Sales", or simply leave blank. Common name: The fully-qualified domain name (FQDN) (e.g., www.example.com or *.example.com for wildcard certs). Email Address: Leave it blank by hitting Enter. A challenge password: Leave it blank by hitting Enter. An optional company name: Leave it blank by hitting Enter.
Note: The following characters should not be used in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &
- Run the Linux list (
ls) command to see the two new files created:
- To view the contents of the
server.csrfile run the linux
catcommand. Copy the entire contents of the file including the
ENDlines and paste the contents into the form when enrolling for the certificate.
$ cat server.csr
- Save your
server.keyprivate key file. You will need it later when your certificate is issued and installed on your server.
DO NOT share your private key with anyone, not even us.
Install SSL Certificate on Apache 2
- Install your SSL certificate on Apache Server