Account | Help |
Contact | Services | Whois | DIG |

Generate a CSR for Apache + ModSSL + OpenSSL

Follow these instructions to generate a CSR for your web site.

You will need an OpenSSL installation on your server.

Create a RSA key for your Apache server

If you already have an RSA key for your server then use that one, skip this step and generate a CSR directly. Otherwise you will have to generate a new one. You may generate either an encrypted or unencrypted key, an encrypted key is recommended, however this will result in you having to enter a passphrase every time you start the apache serve. If you do not start the server manually then the startup scripts of your chosen distribution may not work correctly with an encrypted key.

Generate an encrypted key

Type the following command to generate a private key that is file encrypted.
openssl genrsa -des3 -out server.key 2048
You will be prompted for the password to access the file and also when starting your webserver.
Warning: If you lose or forget the passphrase, you must purchase another certificate.
If you decide at a later stage that you would rather use an unencrypted key, you may create an unencrypted version of server.key in server.key.unsecure by executing:
openssl rsa -in server.key -out server.key.unsecure

Generate an unencrypted key

Type the following command to generate a private key that is not file encrypted.
openssl genrsa -out server.key 2048

Generate a CSR

Type the following command to create a CSR with the RSA private key (output will be PEM format):
openssl req -new -key server.key -out domainname.csr
You will be promted for your PEM passphrase followed by the distinguished name fields (You can find more information on these fields here).

Copy the CSR and use it to buy your certificate online.

Check your certificate signing request online.
Back to help on the certification process.
Buy your certificate online.

© SpaceReg 1998-2023