May 15, 2023

How to create a CSR in Apache with OpenSSL

Introduction

This article provides step-by-step instructions for creating a Certificate Signing Request (CSR) in Apache with OpenSSL. If this is not the solution you are looking for, please search for your solution in the search bar above.

Guidelines

You can watch the following video for a tutorial.

 

Or, you can follow the step-by-step guidelines below.

1. To get started, go to the Directory where you want the files to be created. 
2. To start using OpenSSL, just type "OpenSSL". It should already be installed on any Linux or Apache system. 
3. When you input "ls", you will notice that the folder is empty.
4. To create a CSR, input the following command:
   
   openssl req -out mydomain.csr -new -newkey rsa:2048 -nodes -keyout mydomain.key
    
   • Your opening command should be "req" for request.
   • The output file you'll define with "-out" will be called "mydomain.csr".
   • Use -new to declare you are creating a new file, then -newkey, to define it as a private key. 
   • Define the hashing algorithm as RSA and the bitlength as 2048 with no spaces between them.
   • The -nodes command means that the private key will not be encrypted.
   • The -keyout is used to declare the private key output file.
     Note: 2048 is the smallest key length that you can use under CA/B Forum guidelines.
   • Now define the private key file name. We'll keep it simple and use "mydomain.key". 
5. Press enter, and then it will prompt you to input the CSR information.
   Note: DV and Alpha only require the CN field, so you can skip the rest. 
    
   • The first field is the 2-letter country code. The state field, city, and organization name should be in full. 
   • The OU field can be the department.
   • Common Name: Use the domain name where your Certificate will be installed.
     Note: If you're ordering a wildcard, your common name should start with an asterisk (*). For SAN Certificates, you don't need to have the SAN domains listed here, you can add them in when you order with us.
   • Email Address: This will show up on an EV Certificate. 
6. When you press enter, it will prompt you for a password. You can opt to skip this.
7. When you enter the command "ls" again, you can now see the files you have created.
8. Use nano or another text editor to view the CSR contents.
   
   nano mydomain.csr
9. Now you have your CSR. You can copy it from the SSH terminal and place it into a notepad or into an order form on our website.
   Note: It's important to remember where you placed the file to keep your private key secure, without it, you will have to reorder your Certificate.