In this step-by-step tutorial, we will show you how to generate a CSR on Pound. The quickest way to generate your CSR is via an external tool such as the CSR Generator. Alternatively, you can use the OpenSSL utility if you’re familiar with its commands.
Here’s how to create the CSR via OpenSSL:
1. Run the following command to start the CSR generation process:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
2. Replace yourdomain with the domain name you want to secure
- Yourdomain.key is your private key
- Yourdomain.csr is your CSR code
3. Next, provide the required details.
Please fill in the fields as below:
- Common name: enter the FQDN (fully qualified domain name) to which you want to assign your SSL Certificate (ex: yourdomain.com). If you bought a Wildcard Certificate, include an asterisk in front of the domain name (ex: *.yourdomain.com).
- City: enter the city where your business is officially registered (ex: San Jose)
- State: enter the state where your company is located (ex: California)
- Country: enter the two-letter country code of your organization (ex: US)
- Organization: type the official, full name of your organization (ex: Your Company LLC). For Domain Validation (DV) Certificates, type NA instead
- Organizational Unit: specify the unit responsible for SSL management (ex: IT or Web). If you have a DV certificate, put it NA instead.
- Email Address: this is an optional field. You can leave it blank
- Challenge Password: another optional field. We recommend leaving this field blank, otherwise, your CSR will be rejected by the CA.
The OpenSSL utility will generate the CSR file. You can open it with any text editor such as Notepad.
When applying for your certificate, please include the full CSR text including the —-BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– tags.
Along with the CSR, OpenSSL will also create your private key (yourdomain.key). Save and store it in a safe place. You will need it during the SSL installation on Pound.