Generating CSR on Apache Web Server

Generating CSR on Apache Web Server

CSR or Certificate Signing Request is a block of code with encrypted information about company and domain name for your website or online business.

You need to submit CSR to Certification Authority to activate SSL certificate for your website.

Basic configuration of CSR OpenSSL conatins following details:

  • Common Name (the domain name certificate should be issued for)
  • Country
  • State (or province)
  • Locality (or city)
  • Organization Name
  • Organizational Unit (Department)
  • E-mail address

In this tutorial we will use OpenSSL to generate CSR.

OpenSSL is included by default in web server properties on servers like Apache or Nginx so you don’t need to install additional software.

If you don’t have Apache installed, you can use our tutorial LAMP install (Apache, MySQL, PHP) to install basic web server, or you can use instructions from Chapter 1 to install Apache only if you don’t need MySQL and PHP.

To generate CSR you need to run the command bellow:

You can replace <server_name> with your domain name the certificate will be issued for to avoid further confusion.

You’ll need to enter details mentioned above.

It is recommended to fill all the required fields because if you left out something CSR can be rejected during activation.

If you need certificate for domain validation (DV) you don’t need to specify Organization Name and Organization Unit, you can simply enter NA in the fields.

In the Common Name you need to enter the domain name the certificate should be issued for.

It is recommended to use English alphanumeric Alphabet to avoid CSR rejection.

If you want the certificate for specific subdomain of your website, you need to specify the subdomain in Common Name. For example secure.yourdomain.com

If you are using Wildcard certificates, the domain name shoul start with an asterisk. For example *.yourdomain.com

When you complete entering detials this command will generate two different files:

  • CSR – <server_name>.csr
  • Private Key – <server_name>.key

<server_name>.csr file contains CSR code that you need to submit to Certification Authority during certificate activation.

When you open file, it will look something like this:

You need to copy complete file content including header

and footer

<server_name>.key file is the Private key which will be used for decryption using SSL/TLS between a server and a client. Make sure to save the Private Key because you will not be able to install certificate without it.

 

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *