In this step-by-step tutorial, we will show you how you can generate a CSR on Apache.
Just follow the steps below.
Step 1: Connect via Secure Shell (SSH) to your server’s terminal
Step 2: Create the private key and CSR files
Type the following command at the prompt:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Don’t forget to replace yourdomain with your real domain name. For example, if your domain is ssldragon.com, you type ssldragon,key and ssldragoin.csr
Step 3: Provide up-to-date details about your company to the CA
Include the following information in the CSR. Please, use only alphanumeric characters when entering your details.
- Country Name: enter the two-letter code of your country. If you have a Business Validation or Extended Validation certificate, make sure the country you submit, is the official residence of your organization
- State or Province Name: type the full name of the state or region where your company is registered
- Locality Name: specify the name of the city or town where your business is located
- Organization Name: enter the officially registered name of your company. For instance, GPI Holding LLC. For Domain Validation certificates, you can put in NA instead
- Organization Unit Name: it’s usually IT or Web Administration. You can use NA for DV certificates
- Common Name: specify the Fully Qualified Domain Name (FQDN) to which you want to assign your SSL certificate. For example, ssldragon.com. If you want to activate a wildcard certificate, add an asterisk in front of your domain name (e.g. *.ssldragon.com)
- Email Address: provide a valid email address
Note: Next attributes are optional. If you don’t want to fill them in input a dot (.) to leave them blank.
- A challenge password: this is an obsolete attribute, no longer required by the Certificate Authorities. To avoid any confusion, leave this field blank
- An Optional Company Name: If your official company name seems too long or complex, you can enter a shorter name or your brand name here. Again, to avoid confusion, we recommend ignoring this field
Step 4: The OpenSSL utility will instantly create two files.
- key containing your private key (you will need it later during SSL installation)
- csr incorporating your CSR code (you will need it when applying for your SSL certificate)
Depending on the type of your cert, you may have to wait for a few minutes (DV certs) or a couple of business days (EV and BV certs) for it to arrive in your email inbox.
After your CA validates the CSR and issues the SSL certificate, you can proceed to the Apache SSL installation instructions.