Knowledgebase

How to generate a CSR for Nginx using OpenSSL

1. Login to your server via your terminal client (ssh). At the prompt, type:

   openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

   where server is the name of your server.

2. This will begin the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file used to apply for your SSL Certificate.

   When you are prompted for the Common Name (domain name), enter the fully qualified domain name for the site you are securing. If you are generating an Nginx CSR for a Wildcard SSL Certificate make sure your common name starts with an asterisk (e.g. *.example.com).

   After that, you will be prompted for your organizational information, beginning with geographic information. There may be default information set already.

   Your .csr file will then be created.

3. Open the CSR file with a text editor and copy and paste it (including the BEGIN and END tags) into the SSLGURU order form.
   

4. Save (backup) the generated .key file as it will be required later when installing your SSL certificate in Nginx.

Adding Subject Alternative Names to a CSR using OpenSSL is a complicated task. Our advice is to skip the hassle, use your most important server name as the Common Name, and specify the other names during the order process. Our UC/Multi-domain certificate ordering process will let you specify all the names you need without making you include them in the CSR.