Manually Creating a CSR

Learn the easiest way to manually generate a Certificate Signing Request (CSR) for your SSL certificate.

Please note: This article is for Linux servers NOT running cPanel

Prerequisites

What you'll need first is to install Openssl on your server, this is a common package and will be available on all of the major distros through their package installer. Here is how you check to see if it is installed in a "Yum" style system such as CentOS or Fedora:

    # yum install openssl openssl-devel

Generate the RSA key

Create a RSA key:

    # mkdir /root/domain.com.ssl/
    # cd /root/domain.com.ssl/

Type the following command to generate a private key.

    # openssl genrsa -out /root/domain.com.ssl/domain.com.key 2048

Create a CSR

Type the following command to create a CSR with the RSA private key (output will be PEM format):

    # openssl req -new -key /root/domain.com.ssl/domain.com.key -out /root/domain.com.ssl/domain.com.csr

When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&. All fields are required.

Do not enter extra attributes at the prompt.

• Warning: Leave the challenge password blank (press enter)

Verify your CSR

    # openssl req -noout -text -in /root/domain.com.ssl/domain.com.csr

Submit your CSR

From this point you have to take your CSR that you created here and submit it to a certificate authority. We offer Comodo certificates through the my account area.