Home / Tutorials / How to Generate a CSR on Apache

How to Generate a CSR on Apache?

In this step-by-step tutorial, we will show you how you can generate a CSR on Apache.

Just follow the steps below.

Step 1: Connect via Secure Shell (SSH) to your server’s terminal

Step 2: Create the private key and CSR files

Type the following command at the prompt:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Don’t forget to replace yourdomain with your real domain name. For example, if your domain is ssldragon.com, you type ssldragon,key and ssldragoin.csr

Step 4: Provide up-to-date details about your company to the CA

Include the following information into the CSR. Please, use only alphanumeric characters when entering your details.

  • Country Name: enter the two-letter code of your country. If you have a Business Validation or Extended Validation certificate, make sure the country you submit, is the official residence of your organization
  • State or Province Name: type the full name of the state or region where your company is registered
  • Locality Name: specify the name of the city or town where your business is located
  • Organization Name: enter the officially registered name of your company. For instance, GPI Holding LLC. For Domain Validation certificates, you can put in NA instead
  • Organization Unit Name: it’s usually IT or Web Administration. You can sue NA for DV certificates
  • Common Name: specify the Fully Qualified Domain Name (FQDN) to which you want to assign your SSL certificate. For example, ssldragon.com. If you want to activate a wildcard certificate, add an asterisk in front of your domain name (e.g. *.ssldragon.com)
  • Email Address: provide a valid email address
    Note: Next attributes are optional. If you don’t want to fill them in input a dot (.) to leave them blank.
  • A challenge password: this is an obsolete attribute, no longer required by the Certificate Authorities. To avoid any confusion, leave this field blank
  • An Optional Company Name: If your official company name seems too long or complex, you can enter a shorter name or your brand name here. Again, to avoid confusion, we recommend ignoring this field

Step 3: The OpenSSL utility will instantly create two files.

  1. key containing your private key (you will need it later during SSL installation)
  2. csr incorporating your CSR code (you will need it when applying for your SSL certificate)