In order to request SSL certificate from a certificate authority like GoDaddy, RapidSSL, Comodo, etc. you need to submit a certificate signing request (CSR). For this purpose, you need to generate CSR from private key. Here’s how to generate CSR for SSL Certificate in Linux for Apache/NGINX and other web servers.
How to Generate CSR for SSL Certificate in Linux
Here are the steps to generate CSR for SSL certificate in Linux.
1. Log into your server’s terminal via SSH.
2. You will need to run OpenSSL command to generate private key and CSR for SSL certificate. By default, all Linux distributions have OpenSSL installed. Run the following command in your terminal
In the following command, replace yourdomain with the domain you want to secure.
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Bonus Read : How to Redirect non-www to www in Apache
3. You will be asked to enter some information for CSR file generation. Enter the requested information
- Common name – Fully qualified domain name of the website you are securing. E.g www.yourdomain.com, blog.yourdomain.com, *.yourdomain.com
- Organization – Full legal name of your business/company
- Organization Unit (OU) – If applicable, department such as ‘website security’, or use the company name
- City or Locality – Name of city or locality where your business is located. Do no abbreviate
- State or Province – Name of state or province where your organization is located. Do no abbreviate
- Country – Two-letter ISO code for country where organization is located. Here’s a list of country codes
You will be asked to enter an optional field for passphrase, for additional security. If you do not want to enter passphrase for your SSL certificate then you can leave this field as blank.
After you enter all the required information above, OpenSSL will generate 2 files:
- yourdomain.key – private key required for SSL certificate
- yourdomain.csr – CSR file for SSL certificate
Bonus Read : Top 10 SSL Certificate Providers for Your Website
4. Open CSR file in a text editor
$ sudo vi yourdomain.csr
5. Every SSL certificate authority will require you to paste the CSR file’s contents in a textbox in your account, on their website. Copy all the text in it and paste it into their SSL enrollment form. Make sure you also copy the top & bottom lines of CSR file
-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----