SSL certificates make your website secure by encrypting all the data transferred between users’ browsers and your server. However, will installing SSL certificates on your web server, you need to create a Certificate Signing Request (CSR) for your SSL certificate, and submit it to your Certificate Authority (CA) like RapidSSL, Comodo, Verisign, or whichever company has issued them. This allows CA’s to verify the identity of your website, everytime a user visits your web pages. Here’s how to generate CSR for SSL certificate in Linux.
How to Generate CSR for SSL Certificate in Linux
1. Log into your server via SSH
2. Type the following command
$ openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Replace yourdomain with your website’s domain name
This will generate 2 files
- Private key file (e.g yourdomain.key ) that is used to generate the CSR file. It is also used to verify connections using the certificate
- Certificate Signing Request (CSR) file that is used to order your SSL certificate from Certificate Authorities like RapidSSL, Comodo, GeoTrust, etc. It is also used to encrypt data such that only its private key can decrypt.
3. Enter the requested information
- Common Name – Fully qualified domain name or URL that you need to secure. If you need a Wildcard certificate add an asterisk(*) to the left of common name. For example, *.example.com
- Organization – The legal name of the organization that is requesting the certificate. E.g Alpha Distilleries Pvt. Ltd.
- Organization Unit – Enter the name of your business that is commonly used. E.g Alpha Distilleries
- City or Locality – Full name of the city or locality where your organization is located
- State or Province – Full name of the State or Province where your organization is located
- Country – Two-letter ISO format country code of the country where your organization is located. Here’s the list of ISO codes for countries.
- Passphrase – Optional passphrase to secure access to your certificate. You can leave it as blank
4. Once the CSR file is generated, open it with a text editor and copy all the text. Paste it in the order form on your Certificate Authority’s website.
That’s it. Make sure you backup the private key and CSR files. You will need them both to install your SSL Certificates on your web server.