How To Generate a Certificate Signing Request (CSR) for an SSL Certificate

Written by · in Systems

This short tutorial is for Apache2.x + OpenSSL

It’s advice to make a special directory for certificate for easy management and control. Create a new directory;

mkdir -p /path-to-dir/sslcerts/example.takizo.com

And now cd to your working directory to start generate CSR cert.

cd /path-to-dir/sslcerts/example.takizo.com

You have 2 options here, generate private key with password or without password. One of the hassle of having password protected private key is it will prompt for password during apache start up, most of the time it’s by user preference whether to generate private key with password or not.

Generate Private Key

Generate key with password protected

openssl genrsa -des3 -out example.takizo.com.key 1024

Generate key without password protected

openssl genrsa -out example.takizo.com.key 1024

After you have generated the RSA private key, now it’s time to generate CSR with the RSA private you have created earlier.

openssl req -new -key example.takizo.com.key -out example.takizo.com.csr

Please take note on the prompt field while generating CSR key;

Common Name: Usually the domain name you would like to protect, if you are going to generate the key for http://example.takizo.com/index.php, the the Common Name would be example.takizo.com

Organization: Your organization name, for example Takizo Tech

Organization Unit: Your organization unit name, for example Systems Engineering

City or Locality: For example, Kuala Lumpur

State or Province: For example, Wilayah Persekutuan

Country: For example, Malaysia.

Submit your CSR to your SSL Certificate to your provider and wait for the CRT file. Also please take note that every SSL provider will equip with documentation on how to generate CSR. You are advice to follow the documentation.