How to Generate CSR for Apache Web Server with OpenSSL - SSL Certificate

author
By PS

17 July 2024

How to Generate CSR for Apache Web Server with OpenSSL - SSL Certificate

Generating a Certificate Signing Request (CSR) for an Apache web server using OpenSSL is a straightforward process if the correct protocols are followed. This guide will walk you through the steps needed to create a CSR efficiently.

Step 1: Log in to Your Server

Begin by logging into your server through a secure SSH terminal. This ensures a protected connection to your server.

Step 2: Create an RSA Private Key and CSR

Once logged in, generate an RSA private key and a Certificate Signing Request (CSR) using the following command:

bash
openssl req -out yourdomain.csr -new -sha256 -newkey rsa:2048 -nodes -keyout yourdomain.key

Make sure to replace yourdomain with your actual domain name to avoid any future confusion. For example, if your domain name is mydomain.com, the files will be named mydomain.com.csr and mydomain.com.key.

Executing this command will create a private key named ‘yourdomain.key’ with a length of 2048 bits.

Step 3: Enter Key Information for the CSR

Next, you will provide the necessary information for the CSR. Follow the prompts to enter the following details:

  • Country Name: Enter the two-letter code of your country (e.g., "GB" for Great Britain, "US" for the United States).
  • State or Province Name: Provide the full name of the state or province where your company is located.
  • Locality Name: Enter the full name of the city or locality where your company is incorporated.
  • Organization Name: Enter the full legal name of your company.
  • Organizational Unit Name: Specify your company’s department, such as HR or IT.
  • Common Name: Enter the fully qualified domain name (FQDN) for which the SSL is to be enabled (e.g., www.yourdomain.com or yourdomain.com).

For wildcard certificates, the common name should begin with an asterisk (e.g., *.yourdomain.com).

When prompted for the email address, passphrase (challenge password), or Optional Company Name, you can leave these fields blank to enhance security.

Enter Key Information for the CSR
FieldDescription
Country NameEnter the two-character ISO country code (e.g., "GB" for Great Britain, "US" for the United States).
State or ProvinceFull name of the state or province where your company is located.
Locality or CityFull name of the city or locality where your company is incorporated.
Company/OrganizationFull legal name of your company.
Organizational UnitCompany’s department, such as HR or IT (skip by pressing Enter if not applicable).
Common NameFully qualified domain name (FQDN) for the SSL certificate (e.g., www.yourdomain.com or yourdomain.com).

Step 4: Generate CSR and Private Key Files

After entering the required information, two files will be generated: a .CSR file and a .key file. Open the .csr file with a text editor (like Notepad) and copy the entire content, including the BEGIN and END lines. This content will be needed when enrolling for the certificate.

CSR Key

Step 5: Save Your Private Key

Make sure to save your private key (server.key) securely, as it will be required during the certificate installation process.

And that’s it! By following these steps, you can generate a CSR for your Apache web server using OpenSSL.

Share this post :