How To Generate a Certificate Signing Request (CSR) for an SSL Certificate

This short tutorial is for Apache2.x + OpenSSL

It’s advice to make a special directory for certificate for easy management and control. Create a new directory;

mkdir -p /path-to-dir/sslcerts/

And now cd to your working directory to start generate CSR cert.

cd /path-to-dir/sslcerts/

You have 2 options here, generate private key with password or without password. One of the hassle of having password protected private key is it will prompt for password during apache start up, most of the time it’s by user preference whether to generate private key with password or not.

Generate Private Key

Generate key with password protected

openssl genrsa -des3 -out 1024

Generate key without password protected

openssl genrsa -out 1024

After you have generated the RSA private key, now it’s time to generate CSR with the RSA private you have created earlier.

openssl req -new -key -out

Please take note on the prompt field while generating CSR key;

Common Name: Usually the domain name you would like to protect, if you are going to generate the key for, the the Common Name would be

Organization: Your organization name, for example Takizo Tech

Organization Unit: Your organization unit name, for example Systems Engineering

City or Locality: For example, Kuala Lumpur

State or Province: For example, Wilayah Persekutuan

Country: For example, Malaysia.

Submit your CSR to your SSL Certificate to your provider and wait for the CRT file. Also please take note that every SSL provider will equip with documentation on how to generate CSR. You are advice to follow the documentation.