Knowledgebase
Apache/OpenSSL Print this Article
To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command:
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
This creates a two files:
myserver.key contains a private key, do not disclose this file to anyone. Carefully protect it. In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).
server.csr – CSR.
You will now be asked to enter details to be entered into your CSR. For some fields there will be a default value, If you enter , the field will be left blank.
Country Name (2 letter code) [AU]: EN
State or Province Name (full name) [Some-State]: malopolskie
Locality Name (eg, city) []: Cracow
Organization Name (company name) []: Company inc.
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: your-address.com
Email Address []: [email protected]
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
Use the name of the webserver as Common Name (CN). If the domain name (Common Name) is mydomain.com append the domain to the hostname (use the fully qualified domain name).
The fields e-mail address, optional company name and challenge password can be left blank for a webserver certificate.
Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
This creates a two files:
myserver.key contains a private key, do not disclose this file to anyone. Carefully protect it. In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).
server.csr – CSR.
You will now be asked to enter details to be entered into your CSR. For some fields there will be a default value, If you enter , the field will be left blank.
Country Name (2 letter code) [AU]: EN
State or Province Name (full name) [Some-State]: malopolskie
Locality Name (eg, city) []: Cracow
Organization Name (company name) []: Company inc.
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: your-address.com
Email Address []: [email protected]
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
Use the name of the webserver as Common Name (CN). If the domain name (Common Name) is mydomain.com append the domain to the hostname (use the fully qualified domain name).
The fields e-mail address, optional company name and challenge password can be left blank for a webserver certificate.
Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.
Was this answer helpful?
Related Articles
What is CSR and who needs it?
A Certificate Signing Request is a text generated on the server that is used to create your SSL...
A Certificate Signing Request is a text generated on the server that is used to create your SSL...
Apache (with mod_ssl)
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Apache (Multi-Domain version)
To generate CSR file which includes more than one Fully Qualified Domain Name, you need to...
To generate CSR file which includes more than one Fully Qualified Domain Name, you need to...
Apple Mac OS X Server
CSR is generated in 2 steps.I. Private key generation1. Log into server and open...
CSR is generated in 2 steps.I. Private key generation1. Log into server and open...
Barracuda SSL VPN
Generating a Certificate Signing Request for Barracuda VPNFrom the appliance web interface,...
Generating a Certificate Signing Request for Barracuda VPNFrom the appliance web interface,...
