Apache: Generate a Certificate Signing Request (CSR)
Follow these instructions to generate a CSR for your Web site.
When you have completed this process, you will have a CSR ready to submit to your provider, who will use it to issue an SSL security certificate.
1. Create an RSA key for your Apache server. Change to your server's private key directory (ssl.key is the default key directory; if you have a different path, cd to that directory instead):
cd /apacheserverroot/conf/ssl.key
2. Enter the following command to generate a private key whose file is encrypted. You will be prompted for a passphrase to protect the file, and again for that passphrase each time you start your webserver. Use a key of at least 2048 bits; certificate authorities no longer accept 1024-bit RSA keys:
openssl genrsa -des3 -out domainname.key 2048
Warning: If you lose or forget the passphrase, you will not be able to use the certificate.
You could also create a private key without file encryption if you do not want to enter the passphrase when starting your webserver:
openssl genrsa -out domainname.key 2048
Note: We recommend that you name the private key after the domain name that you are purchasing the certificate for, i.e. domainname.key
3. Type the following command to create a CSR with the RSA private key (output will be PEM format):
openssl req -new -key domainname.key -out domainname.csr
Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 2.
When creating a CSR you must follow these conventions:
• Enter the information to be displayed in the certificate. The following characters cannot be accepted: < > ~ ! @ # $ % ^ / \ ( ) ?.,&
• If you are applying for a wildcard certificate you must state * in place of the subdomain, for example *.yourdomain.com instead of www.yourdomain.com
You will now be prompted for information to include within the CSR:
Country Name (2 letter code) [AU]: US (must be a two-letter country code; note that for the United Kingdom the country code must be GB and NOT UK)
State or Province Name (full name) [SomeState]: The state or province where your organization is legally located. This cannot be abbreviated and must be entered in full.
Locality Name (eg, city) []: The city where your organization is legally located.
Organization Name (eg, company) [Internet Widgits Pty Ltd]: The exact legal name of your organization. Do not abbreviate your organization name.
Organizational Unit Name (eg, section) []: Section of the organization, such as Marketing or Web Development.
Common Name (eg, YOUR name) []: The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com. If you are applying for a wildcard certificate to secure all subdomains on your domain, the common name must be *.yourdomain.com.
Email Address []: Leave this field blank by just pressing return.
A challenge password []: Leave this field blank by just pressing return.
An optional company name []: Leave this field blank by just pressing return.
4. If you would like to verify the contents of the CSR, use the following command:
openssl req -noout -text -in domainname.csr
5. Create a backup of your private key. If the private key is lost, your CSR and certificate will be invalid.
Make a copy of the private key file (domainname.key) generated earlier and store it in a safe place!
The private key file should begin with (when using a text editor): -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----
6. Your CSR will now have been created. Open the domainname.csr in a text editor and copy and paste the contents into the online enrollment form when requested.
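The following script is an added example, not part of the original instructions. It performs steps 2 to 4 without prompts (an unencrypted key, subject passed with -subj) and then checks what the manual inspection in step 4 is meant to confirm: the CSR's self-signature verifies, its public key belongs to your private key, and the Common Name is an exact match. The function names, the example.test domain and the subject values are constructed for illustration.

```sh
#!/bin/sh
# Added example: make_csr and csr_ok are hypothetical helper names;
# the subject fields below are constructed sample values.

# make_csr DIR FQDN
# Creates DIR/FQDN.key (unencrypted, owner-only) and DIR/FQDN.csr.
make_csr() {
    dir=$1; fqdn=$2
    # umask in a subshell so the key is never readable by group/other
    ( umask 077
      openssl genrsa -out "$dir/$fqdn.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/$fqdn.key" -out "$dir/$fqdn.csr" \
        -subj "/C=US/ST=California/L=San Francisco/O=Example Corp/OU=Web Development/CN=$fqdn"
}

# csr_ok CSR KEY FQDN
# Succeeds only if all three checks pass.
csr_ok() {
    csr=$1; key=$2; fqdn=$3

    # 1. Self-signature. Match on the message text: older OpenSSL
    #    releases exit 0 even when verification fails.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1

    # 2. The CSR's public key must be the one in the private key file.
    csr_mod=$(openssl req -in "$csr" -noout -modulus) || return 1
    key_mod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) || return 1
    [ "$csr_mod" = "$key_mod" ] || return 1

    # 3. Common Name must match the site name exactly.
    #    RFC2253 output lists CN first: subject=CN=...,OU=...,O=...
    cn=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
         sed -n 's/^subject= *CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$fqdn" ]
}

# Usage:
#   make_csr /apacheserverroot/conf/ssl.key www.example.test
#   csr_ok www.example.test.csr www.example.test.key www.example.test
```

Running csr_ok before pasting the CSR into the enrollment form catches the two most common causes of an unusable certificate: a CSR built from a different key than the one on the server, and a Common Name that does not match the URL being secured.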