How To Generate a Certificate Signing Request (CSR) for an SSL Certificate
This short tutorial is for Apache2.x + OpenSSL
It’s advice to make a special directory for certificate for easy management and control. Create a new directory;
mkdir -p /path-to-dir/sslcerts/example.takizo.com
And now cd to your working directory to start generate CSR cert.
You have 2 options here, generate private key with password or without password. One of the hassle of having password protected private key is it will prompt for password during apache start up, most of the time it’s by user preference whether to generate private key with password or not.
Generate Private Key
Generate key with password protected
openssl genrsa -des3 -out example.takizo.com.key 1024
Generate key without password protected
openssl genrsa -out example.takizo.com.key 1024
After you have generated the RSA private key, now it’s time to generate CSR with the RSA private you have created earlier.
openssl req -new -key example.takizo.com.key -out example.takizo.com.csr
Please take note on the prompt field while generating CSR key;
Common Name: Usually the domain name you would like to protect, if you are going to generate the key for http://example.takizo.com/index.php, the the Common Name would be example.takizo.com
Organization: Your organization name, for example Takizo Tech
Organization Unit: Your organization unit name, for example Systems Engineering
City or Locality: For example, Kuala Lumpur
State or Province: For example, Wilayah Persekutuan
Country: For example, Malaysia.
Submit your CSR to your SSL Certificate to your provider and wait for the CRT file. Also please take note that every SSL provider will equip with documentation on how to generate CSR. You are advice to follow the documentation.