How to create a CSR (Certificate Signing Request) in Linux using OpenSSL
Before you can purchase or create your own self-signed SSL certificate, you must first create a CSR (Certificate Signing Request) and a Private Key. These two files must be created simultaneously or the resulting SSL certificate will not work.
As root, run the following command:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout SUB.DOMAIN.TLD.key -out SUB.DOMAIN.TLD.csr
Or use -subj to answer the questions on the command line:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout SUB.DOMAIN.TLD.key -out SUB.DOMAIN.TLD.csr -subj "/C=US/ST=Texas/L=Austin/O=How To Web Host.com/OU=Development/CN=SUB.DOMAIN.TLD"
Finally, use this script to create certs as you need them:
#!/bin/bash
# mkcert.sh: create a private key and self-signed cert for the domain given as $1.
if [ -z "$1" ]
then
    echo "ERROR: No domain specified."
    echo "You must run this command followed by the sub.domain.tld you wish to create certs for."
    echo "Example: ./mkcert.sh cisco.eflashcards.org"
    exit 1
else
    # -x509 makes openssl write a self-signed certificate to the -out file
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$1.key" -out "$1.csr" -subj "/C=US/ST=Texas/L=Austin/O=How To Web Host.com/OU=Development/CN=$1"
    echo "Add the following lines to the /etc/apache2/sites-available/$1.conf file"
    echo " "
    echo "SSLCertificateFile $(pwd)/$1.csr"
    echo "SSLCertificateKeyFile $(pwd)/$1.key"
fi
Generating a 2048 bit RSA private key
............+++
.......................+++
writing new private key to 'sub.domain.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:State
Locality Name (eg, city) [Default City]:City
Organization Name (eg, company) [Default Company Ltd]:Business Name or Domain.com
Organizational Unit Name (eg, section) []:optional
Common Name (eg, your name or your server's hostname) []:sub.domain.com
Email Address []:optional

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
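With the above command, both the CSR (sub.domain.com.csr) and Private Key (sub.domain.com.key) files are created. Note that the commands shown earlier include -x509, which makes openssl write a self-signed certificate to the -out file instead of a request; leave out -x509 and -days when you need a CSR to submit to a certificate authority.
When answering the prompts above, be sure to use the fully qualified domain name (FQDN) for the “Common Name”. If you are going to use the certificate with www.domain.com, enter “www.domain.com”. If you are using an alternate subdomain, such as orders, type “orders.domain.com”.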
Some SSL providers may create certificates that work for both domain.com and www.domain.com, but there is no guarantee this will work for you.
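To confirm what openssl actually wrote to the -out file (a request, or a self-signed certificate when -x509 is used) and that it pairs with the private key, the helper functions below can be sourced into a shell. They are an added example, not part of the original page; the function names pem_kind, pubkey_hash and key_matches are made up here, and the file names you pass are whatever you generated.

```shell
#!/bin/bash
# Added example: identify a PEM file and check it against a private key.
# Function names are illustrative; they are not openssl commands.

# Print "csr", "certificate" or "unknown" depending on how the file parses.
pem_kind() {
    if openssl req -in "$1" -noout >/dev/null 2>&1; then
        echo "csr"
    elif openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo "certificate"
    else
        echo "unknown"
    fi
}

# Print the SHA-256 of the public key found in a CSR, certificate or
# private key. Returns non-zero if no public key can be extracted.
pubkey_hash() {
    local pub
    case "$(pem_kind "$1")" in
        csr)         pub=$(openssl req  -in "$1" -noout -pubkey 2>/dev/null) ;;
        certificate) pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
        *)           pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# Succeed only when both files carry the same public key, i.e. the
# CSR or certificate was created from this private key.
key_matches() {
    local a b
    a=$(pubkey_hash "$1") || return 1
    b=$(pubkey_hash "$2") || return 1
    [ "$a" = "$b" ]
}
```

For example, `pem_kind SUB.DOMAIN.TLD.csr` reports which kind of file you have, and `key_matches SUB.DOMAIN.TLD.csr SUB.DOMAIN.TLD.key && echo OK` confirms the pair before you point Apache at it.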