How to Generate CSR for Apache Web Server with OpenSSL - SSL Certificate
Generating a Certificate Signing Request (CSR) for an Apache web server using OpenSSL is a straightforward process if the correct protocols are followed. This guide will walk you through the steps needed to create a CSR efficiently.
Step 1: Log in to Your Server
Begin by logging into your server through a secure SSH terminal. This ensures a protected connection to your server.
Step 2: Create an RSA Private Key and CSR
Once logged in, generate an RSA private key and a Certificate Signing Request (CSR) using the following command:
openssl req -out yourdomain.csr -new -sha256 -newkey rsa:2048 -nodes -keyout yourdomain.key
Make sure to replace yourdomain with your actual domain name to avoid any future confusion. For example, if your domain name is mydomain.com, the files will be named mydomain.com.csr and mydomain.com.key.
Executing this command will create a private key named ‘yourdomain.key’ with a length of 2048 bits.
Step 3: Enter Key Information for the CSR
Next, you will provide the necessary information for the CSR. Follow the prompts to enter the following details:
- Country Name: Enter the two-letter code of your country (e.g., "GB" for Great Britain, "US" for the United States).
- State or Province Name: Provide the full name of the state or province where your company is located.
- Locality Name: Enter the full name of the city or locality where your company is incorporated.
- Organization Name: Enter the full legal name of your company.
- Organizational Unit Name: Specify your company’s department, such as HR or IT.
- Common Name: Enter the fully qualified domain name (FQDN) for which the SSL is to be enabled (e.g., www.yourdomain.com or yourdomain.com).
For wildcard certificates, the common name should begin with an asterisk (e.g., *.yourdomain.com).
When prompted for the email address, passphrase (challenge password), or Optional Company Name, you can leave these fields blank to enhance security.
Field | Description |
---|---|
Country Name | Enter the two-character ISO country code (e.g., "GB" for Great Britain, "US" for the United States). |
State or Province | Full name of the state or province where your company is located. |
Locality or City | Full name of the city or locality where your company is incorporated. |
Company/Organization | Full legal name of your company. |
Organizational Unit | Company’s department, such as HR or IT (skip by pressing Enter if not applicable). |
Common Name | Fully qualified domain name (FQDN) for the SSL certificate (e.g., www.yourdomain.com or yourdomain.com). |
Step 4: Generate CSR and Private Key Files
After entering the required information, two files will be generated: a .CSR file and a .key file. Open the .csr file with a text editor (like Notepad) and copy the entire content, including the BEGIN and END lines. This content will be needed when enrolling for the certificate.
Step 5: Save Your Private Key
Make sure to save your private key (server.key) securely, as it will be required during the certificate installation process.
And that’s it! By following these steps, you can generate a CSR for your Apache web server using OpenSSL.