Create a Certificate Signing Request (CSR)

If you want to order an SSL certificate so that visitors can reach your website over a secure https connection, you will need to create a CSR.

To do so, log in to your web server and create a subfolder for your certificates.

```
mkdir /etc/apache2/ssl
```

Enter the folder and create a new key.

```
cd /etc/apache2/ssl
openssl genrsa -out www.example.com.key 2048
```

Create a certificate signing request:

`openssl req -new -key www.example.com.key -out www.example.com.csr`

You will be asked some questions that are needed to create the certificate request.

First you need to enter your **Country Name** as a two-letter country code based on ISO 3166 (US for United States, GB for United Kingdom/Great Britain, IN for India, DE for Germany, …). If you don’t know the code, you can find it here: [http://www.iso.org/iso/english_country_names_and_code_elements](http://www.iso.org/iso/english_country_names_and_code_elements "OpenSSL Country Codes")

Then the full **State or Province Name** (no abbreviations), for example Texas, Georgia, Hessen, Bavaria, …

The name of your city (**Locality Name**), e.g. New York

The **Organization Name**, which is your company name. If you don’t have a company, enter your personal name.

The **Organizational Unit Name**, which is your department, for example IT or Marketing.

The **Common Name** is the address of the website where your certificate will be installed, e.g. www.example.com. It is very important to fill this out correctly, as your certificate will only be valid for this specific domain name.  
If you are ordering a wildcard certificate (one that works with all subdomains), you should include the wildcard character in the common name, like `*.example.com`.

The contact **Email Address** for the certificate, e.g. it@example.org. It is easiest to enter someone from IT administration rather than your general company email address.

You are then asked for **a challenge password**. Don’t enter anything here; just press return. Otherwise you will always be asked for this password when you restart the web server.

Lastly, you will be asked for an optional company name, which can also be left empty (just press return).
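The steps above can also be run without the interactive questions and checked before the CSR is sent to the certificate authority. This is an added example, not part of the original tutorial: the function names `make_csr` and `check_csr` and the subject values are constructed, and the directory is passed as a parameter.

```shell
#!/bin/sh
# Added example: make_csr/check_csr are hypothetical helper names and the
# subject values (Texas, Austin, Example Inc, IT) are constructed samples.
# Usage: make_csr /etc/apache2/ssl www.example.com && check_csr /etc/apache2/ssl www.example.com

# make_csr DIR CN: create DIR/CN.key (mode 600) and DIR/CN.csr without prompts.
make_csr() {
    dir=$1
    cn=$2
    mkdir -p "$dir" || return 1
    (
        umask 077   # the private key must not be readable by other users
        openssl genrsa -out "$dir/$cn.key" 2048 2>/dev/null
    ) || return 1
    # -subj answers the questions in the order they are asked interactively:
    # country, state, locality, organization, unit, common name.
    # No challenge password is set.
    openssl req -new -key "$dir/$cn.key" -out "$dir/$cn.csr" \
        -subj "/C=US/ST=Texas/L=Austin/O=Example Inc/OU=IT/CN=$cn"
}

# check_csr DIR CN: return 0 only if the request is fit to submit.
check_csr() {
    key=$1/$2.key
    csr=$1/$2.csr
    # 1. The CSR's self-signature must verify. The exit status of -verify
    #    differs between OpenSSL releases, so match the message instead.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "CSR signature does not verify" >&2; return 1; }
    # 2. The Common Name must be exactly the host the certificate is for.
    got=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$got" = "$2" ] \
        || { echo "Common Name is '$got', expected '$2'" >&2; return 1; }
    # 3. The public key in the CSR must belong to the key file kept on the server.
    [ "$(openssl req -in "$csr" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "CSR was not made from $key" >&2; return 1; }
    # 4. The key file must be readable and writable by its owner only.
    [ -n "$(find "$key" -perm 600)" ] \
        || { echo "$key must have mode 600" >&2; return 1; }
}
```

Only the `.csr` file is sent to the certificate provider; the `.key` file stays on the server.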

And a last tip: don’t order certificates directly from VeriSign, Thawte, GeoTrust or RapidSSL, but via a domain provider; it’s way cheaper.

