Generate CSR Apache

Apache: Generate a Certificate Signing Request (CSR)

Follow these instructions to generate a CSR for your Web site.

When you have completed this process, you will have a CSR ready to submit to your provider, who will use it to issue your SSL certificate.

1. Create an RSA key for your Apache server. First change to the key directory:

cd /apacheserverroot/conf/ssl.key

(ssl.key is the default key directory.) If you have a different path, cd to your server's private key directory.

2. Enter the following command to generate a private key whose file is encrypted. You will be prompted for a passphrase to protect the file, and for that passphrase again when starting your webserver:

openssl genrsa -des3 -out domainname.key 2048

Warning: If you lose or forget the passphrase, you will not be able to use the certificate.

You could also create a private key without file encryption if you do not want to enter the passphrase when starting your webserver:

openssl genrsa -out domainname.key 2048

Note: We recommend that you name the private key after the domain name that you are purchasing the certificate for, i.e. domainname.key

3. Type the following command to create a CSR with the RSA private key (output will be PEM format):

openssl req -new -key domainname.key -out domainname.csr

Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 2.

When creating a CSR you must follow these conventions:

• Enter the information to be displayed in the certificate. The following characters are not accepted: < > ~ ! @ # $ % ^ / \ ( ) ?.,&
• If you are applying for a wildcard certificate, you must state * in place of the sub domain, for example *.yourdomain.com instead of www.yourdomain.com

You will now be prompted for information to include within the CSR:

Country Name (2 letter code) [AU]: US (must be a two-letter country code; note that for the United Kingdom the country code must be GB and NOT UK)

State or Province Name (full name) [SomeState]: The state or province where your organization is legally located. This cannot be abbreviated and must be entered in full.

Locality Name (eg, city) []: The city where your organization is legally located.

Organization Name (eg, company) [Internet Widgits Pty Ltd]: The exact legal name of your organization. Do not abbreviate your organization name.

Organizational Unit Name (eg, section) []: Section of the organization, such as Marketing or Web Development.

Common Name (eg, YOUR name) []: The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com. If you are applying for a wildcard certificate to secure all sub domains on your domain, the common name must be *.yourdomain.com.

Email Address []: Leave this field blank by just pressing return.

A challenge password []: Leave this field blank by just pressing return.

An optional company name []: Leave this field blank by just pressing return.

4. If you would like to verify the contents of the CSR, use the following command:

openssl req -noout -text -in domainname.csr

5. Create a backup of your private key. If the private key is lost, your CSR and Certificate will be invalid.

Make a copy of the private key file (domainname.key) generated earlier and store it in a safe place!

When opened in a text editor, the private key file should begin with -----BEGIN RSA PRIVATE KEY----- and end with -----END RSA PRIVATE KEY-----

6. Your CSR has now been created. Open the domainname.csr in a text editor and copy and paste the contents into the online enrollment form when requested.
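The script below is an added example, not part of the original article. Before you submit the CSR, it checks that the CSR's signature verifies, that the CSR was made from the private key you are backing up, and that the key meets a minimum size. The function name check_csr_pair and the 2048-bit default are assumptions of the example.

```shell
#!/bin/sh
# Added example: sanity-check a key/CSR pair before submitting the CSR.
# check_csr_pair and its 2048-bit default are choices made for this example.

# Usage: check_csr_pair KEYFILE CSRFILE [MIN_BITS]
# Prints one line per check; returns 0 only if every check passes.
check_csr_pair() {
    key=$1; csr=$2; min_bits=${3:-2048}
    rc=0

    # 1. The CSR's self-signature must verify: the request is intact and
    #    was signed by the private half of the key it contains.
    if openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK"; then
        echo "OK   signature verifies"
    else
        echo "FAIL signature does not verify"; rc=1
    fi

    # 2. The public key inside the CSR must belong to this private key.
    #    A key created with -des3 will prompt for its passphrase here.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]; then
        echo "OK   CSR matches private key"
    else
        echo "FAIL CSR was not made from this private key"; rc=1
    fi

    # 3. Key size, parsed from the same -text output shown in step 4.
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -ge "$min_bits" ]; then
        echo "OK   key size $bits bits"
    else
        echo "FAIL key size ${bits:-unknown} bits, need $min_bits"; rc=1
    fi

    # 4. Print the subject so the Common Name can be checked by eye.
    openssl req -in "$csr" -noout -subject 2>/dev/null
    return $rc
}

# When run as a script with arguments, check the files that were named.
if [ "$#" -ge 2 ]; then
    check_csr_pair "$@"
fi
```

Run it as `sh check_csr.sh domainname.key domainname.csr` (the script file name is a placeholder); a non-zero exit status means at least one check failed.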

