How to Create a Certificate Signing Request (CSR) – Apache

For LAMP stack users, once you have purchased a SSL certificate from a Certificate Authority, you will need to generate a Certificate Signing Request (CSR) to link the certificate to your domain name and server.

Step 1 – SSH into your server instance

Step 2 – Generate the CSR and key by typing the following command at the prompt and then pressing ‘Enter’:

openssl req -new -newkey rsa:2048 -nodes -keyout 
yourdomain.key -out yourdomain.csr

RSA:2048 is the recommended key size.

Replace yourdomain with your domain name excluding the extension, e.g. for example.com use example.key and example.csr. 



The program will ask for some information which you will need to enter in full not using abbreviations:

  • Common name – the fully qualified domain name e.g. example.com. If the Certificate Authority allows a wildcard (*) certificate you can enter *.example.com
  • Organization – your organization’s legal name or your name if it is a person requesting the certificate not a company
  • Organization Unit – the trading or ‘doing business as’ name
  • City or locality – the city where the organization is registered or located
  • State or Province – the state or province where the organization is registered or located
  • Country – the two-letter ISO format country code where the organization is registered or located

Step 3 – When the program has finished, type the following at the command prompt and you should see two files: yourdomain.csr and yourdomain.key

ls

You have now created a CSR and view the CSR by entering:

nano yourdomain.csr

You now need to follow the instructions when purchasing the certificate on copying and pasting the CSR including the —BEGIN NEW CERTIFICATE REQUEST— and —END NEW CERTIFICATE REQUEST— into the SSL order form.