Generate CSR - Apache with OpenSSL
Mar 11, 2026
Generate CSR - Apache with OpenSSL
|
OVERVIEW: OVERVIEW: This page provides a walkthrough of instructions in creating a Certificate Signing Request (CSR) with Apache with OpenSSL. For more certificate management guides, please refer to this page. |
Guidelines
Navigate to the directory where you want to create the CSR and private key files.
- Start OpenSSL by running the openssl command.
- Run the ls (list) command to verify that the folder or directory is empty.
- To generate a CSR, run the following command:
openssl req -out mydomain.csr -new -newkey rsa:2048 -nodes [BM1] -keyout mydomain.key
[BM1]Recommendation: We omit this detail and put it in confluence support since we only use this internally.
|
IMPORTANT: You will need to provide a password when prompted. You need this password to access the private key, so make sure you store it safely. |
|
Command |
Purpose |
|---|---|
|
openssl req |
Calls the OpenSSL utility for creating and processing PKCS#10 X.509 certificate requests |
|
-out mydomain.csr |
Specifies the file that will contain your CSR |
|
-new |
Generates a brand-new CSR |
|
-newkey rsa:2048 |
Automatically generates a new RSA (Rivest-Shamir-Adleman) private key with a length of 2048-bits, which is the current industry standard for security |
|
(No DES) Creates a private key without a passphrase NOTE: When generating a CSR, using the -nodes (no DES) option instructs OpenSSL to create the private key without passphrase encryption.[BM1] |
|
|
-keyout mydomain.key |
Indicates the file name that will be used to store the newly generated private key. Use mydomain.key to define the private key file name. |
NOTE: DV and Alpha only require the Common Name (CN) field.
|
Field |
Requirement |
Example |
|---|---|---|
|
Country Name |
Two letter country code |
US |
|
State or Province Name |
Full state name |
New Hampshire |
|
Locality Name |
Full city name |
Portsmouth |
|
Organization Name |
Entity's legal name |
GMO GlobalSign Inc |
|
Organizational Unit Name |
Department or division name (Optional) |
Support |
|
Common Name |
Domain or entity name. Use the domain name where the certificate will be installed. |
NOTE: The following special characters are not accepted in the CSR subject fields and are enforced by Certificate Authorities: < > ~ ! @ # $ % ^ * / \ ( ) ? . , &
Next Steps
You should now have the following files:
- Private key (mydomain.key), must always remain secure and should never be shared with others.
- CSR (mydomain.csr) can be provided to GlobalSign to issue your certificate.
Both files can be opened using a standard plain‑text editor such as Notepad, TextEdit, Vi, Nano, or Notepad++.
[BM1]Recommendation: We omit this detail and put it in confluence support since we only use this internally.
Related Articles
SSL Configuration Test
Check your certificate installation for SSL issues and vulnerabilities.