How to generate a CSR code on Apache/Nginx using OpenSSL

  CSR generation instructions

Have you heard about our installation service? Save time and effort by letting our experts set up your SSL for you.

To generate the CSR code on Apache or Nginx server you can use openssl command line utility.

Open up a command line interface and use the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr

You will be asked to enter the following information that will be incorporated into your certificate request. Note: Ensure to use only alphanumeric characters when filling in the details.

  • Country Name: enter two-letter code of your country;
  • State or Province Name: enter the complete name of your state, province or region;
  • Locality Name: enter the complete name of your city or locality;
  • Organization Name: provide the officially registered name for your business. For Organization and Extended Validation certificates, Certificate Authorities will be verifying the submitted organization. For Domain Validated SSLs this field content will not be listed in the issued certificate (you can use NA here for a Domain Validation certificate, if you do not have an organization registered);
  • Organization Unit Name: provide the name of a division or department within the organization entered above. You can use NA for Domain Validation Certificates;
  • Common Name: enter the fully qualified domain name (ex.: domain.com or sub.domain.com), you would like to secure with an SSL certificate. If the certificate you are activating is a Wildcard SSL, please use the following format for the common name: *.example.com.
  • Email Address: Enter your e-mail address. The e-mail used for the CSR generation will not be used for the domain control validation or for the reception of an issued certificate.
    You will be also prompted to enter some extra attributes. They are optional and you can input a dot ‘.’ to leave the fields blank.
  • A Challenge Password: it is basically a shared-secret pass between the certificate applicant and the SSL issuer that the issuer may use to authenticate you, should this ever be needed. This authentication method is not used by the Certificate Authorities we deal with. Therefore, you can leave this field blank.
  • An Optional Company Name: this option can be also left blank.

As a result, two files will be created: example.key with the private key (it will be needed further for the certificate installation) and example.csr that will have the CSR code you need to submit for the certificate activation.

You need to open the example.csr file with the text editor you prefer, copy its content along with the header —–BEGIN CERTIFICATE REQUEST—– and footer —–END CERTIFICATE REQUEST—– and use it to activate the certificate in your account with us.