This is a quick reference guide on how to generate a certifcate signing request (CSR) to be signed by a Certificate Authority on Linux Based Operating Systems.
1.Generate your certificate
1.1 Generate private RSA key
You can change the encryption by replacing -aes256 to say -aes128 for example. The private key is used to generate the certificate.
openssl genrsa -aes256 -out SSL.key
1.2 Generate Certificate Signing Request or CSR
You will need to ensure that the information below is accurate, especially if you are renewing a current certificate.
Common name (e.g., http://www.example.com), organization name and location (country, state/province, city/town)
root@server:~# openssl req -new -key SSL.key -out certificate.csr
Enter pass phrase for SSL.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) : Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) : Common Name (e.g. server FQDN or YOUR name) : Email Address : Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
2. Send this to a certificate authority of your choosing.
You will need to send the file that you created (in this case certificate.csr) to a certificate authority.
The certificate authority will sign this CSR which will generate the final SSL certificate.
Thank you for reading and please feel free to leave any feedback.