How to generate CSR (Certificate Signing Request)?

 

Nginx: Generate CSR

  Prior to purchasing a cert, you need to generate a private key, and a CSR file (Certificate Signing Request). You'll be asked for the content of the CSR file when ordering the certificate.

openssl req -new -newkey rsa:2048 -nodes -keyout example_com.key -out example_com.csr

This gives you two files:

  • example_com.key — your Private key. You'll need this later to configure ngxinx.
  • example_com.csr — Your CSR file.

Now, purchase the certificate. You should soon get an email with your PositiveSSL Certificate.

 

 

 

Apache 2.x: Generate CSR

  Follow these instructions to generate a certificate signing request (CSR) for your Apache Web Server. When you have completed generating your CSR, cut/copy and paste it into the CSR field on the SSL certificate-request page.

 

1. Log in to your server's terminal (SSH).

 

2. At the prompt, type the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr 

 

Replace yourdomain with the domain name you're securing. For example, if your domain name is coolexample.com, you would type coolexample.key and coolexample.csr.

 

3. Enter the requested information:

  • Common Name: The fully-qualified domain name, or URL, you're securing. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com
  • Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
  • Organization Unit: If applicable, enter the DBA (doing business as) name.
  • City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
  • State or Province: Name of the state or province where your organization is located. Do not abbreviate.
  • Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.

 

If you do not want to enter a password for this SSL, you can leave the Passphrase field blank. However, please understand there might be additional risks.

 

4. Open the CSR in a text editor and copy all of the text.

 

5. Paste the full CSR into the SSL enrollment form in your account.

 

 

Sources:

https://gist.github.com/bradmontgomery/6487319

https://www.godaddy.com/help/apache-generate-csr-certificate-signing-request-5269