Tuesday, 25 June 2013

How to Generate an SSL Certificate Signing Request(CSR)

Problem: You want to obtain an SSL certificate from a trusted certifying authority(CA)

Solution: Generate a Certificate Signing Request(CSR)

# make -f /usr/share/ssl/certs/Makefile filename.csr

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 
 -keyout mysitename.key -out mysitename.crt

and send filename.csr to the CA

Make sure that the certificate you have received is in PEM format. Suppose it's in the file cert.pem then decrypt your private key and append it to this file

# openssl rsa -in foo.key >> cert.pem

and then as root

# chown root.root cert.pem
# chmod 400 cert.pem


First, generate a private key on the Linux server that runs Apache webserver using openssl command as shown below.

Generating RSA private key, 1024 bit long modulus.
# openssl genrsa -des3 -out www.ctechz.com.key 1024
Using the key generate above, you should generate a certificate request file (csr) using openssl as shown below.
# openssl req -new -key www.ctechz.com.key -out www.ctechz.com.csr

No comments:

Post a Comment