Category: Linux

Generating a Certificate Signing Request (CSR) using Apache Mod_SSL/OpenSSL

A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into an email and send to [email protected]

Generate keys and certificate:

To generate the key for 2048 bit

openssl req -new -nodes -newkey rsa:2048 -keyout mydomain.key -out mydomain.csr

This creates two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.

In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).

You will now be asked to enter details to be entered into your CSR at the command prompt.

What you are about to enter is what is called a Distinguished Name or a DN.

For some fields there will be a default value, If you enter ‘.’, the field will be left blank.

Country Name (2 letter code) [GB: 
State or Province Name (full name) [Some-State: Yorks
Locality Name (eg, city) [: York
Organization Name (eg, company) [Internet Widgits Pty Ltd: MyCompany Ltd
Organizational Unit Name (eg, section) [: IT
Common Name (eg, YOUR name) [:
Email Address [:

Please enter the following ‘extra’ attributes to be sent with your certificate request

A challenge password [: 
An optional company name [:

Use the name of the webserver as Common Name (CN). If the domain name (Common Name) is append the domain to the hostname (use the fully qualified domain name).

The fields email address, optional company name and challenge password can be left blank for a webserver certificate.

Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the email and send to [email protected] when requested.

Converting SSL certificate from .Pem(.cer and .key) file format to .PFX file format:

openssl pkcs12 -export -out domain.pfx -inkey domain.key -in domain.crt -certfile Alpharoot.crt

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.