Knowledgebase
Knowledgebase
Manually Creating a CSR
Posted by Will Kruss on 30 May 2016 09:09 PM

Learn the easiest way to manually generate a Certificate Signing Request (CSR) for your SSL certificate.

Please note: This article is for Linux servers NOT running cPanel

Prerequisites

What you'll need first is to install Openssl on your server, this is a common package and will be available on all of the major distros through their package installer. Here is how you check to see if it is installed in a "Yum" style system such as CentOS or Fedora:

 
    # yum install openssl openssl-devel

Generate the RSA key

Create a RSA key:

 
    # mkdir /root/domain.com.ssl/
    # cd /root/domain.com.ssl/

Type the following command to generate a private key.

 
    # openssl genrsa -out /root/domain.com.ssl/domain.com.key 2048

Create a CSR

Type the following command to create a CSR with the RSA private key (output will be PEM format):

 
    # openssl req -new -key /root/domain.com.ssl/domain.com.key -out /root/domain.com.ssl/domain.com.csr

When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&. All fields are required.

DN Field Explanation Example
Common Name The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com. If you plan on getting a Wildcard certificate make sure to prefix your domain with a '*' ex. *.domain.com
Organization The exact legal name of your organization. Do not abbreviate your organization name. domain.com
Organization Unit Section of the organization Sales
City or Locality The city where your organization is legally located. Melbourne
State or Province The state or province where your organization is legally located. Can not be abbreviated. Victoria
Country The two-letter ISO abbreviation for your country. AU

Do not enter extra attributes at the prompt.

  • Warning: Leave the challenge password blank (press enter)

Verify your CSR

 
    # openssl req -noout -text -in /root/domain.com.ssl/domain.com.csr

Submit your CSR

From this point you have to take your CSR that you created here and submit it to a certificate authority. We offer Comodo certificates through the my account area.

(0 vote(s))
Helpful
Not helpful