Home » SSL Certificates » Generate a CSR: Apache (OpenSSL)

Generate a CSR: Apache (OpenSSL)

To generate a Key Pair and Certificate Signing Request (CSR), please do the following:

PART 1: Generating the Key Pair

Step 1 of 4

The utility OpenSSL is used to generate both Private Key (key) and Certificate Signing request (CSR). OpenSSL is usually installed under /usr/local/ssl/bin. If you have a custom install, you will need to adjust these instructions appropriately.

Step 2 of 4

Type the following command at the prompt:

openssl genrsa -des3 -out www.mydomain.com.key 2048

Please note: If you do not wish to use a Pass Phrase, do not use the -des3 command. It will however leave the private key unprotected.

Step 3 of 4

Enter the PEM Pass Phrase. (This MUST be remembered).

Step 4 of 4

This will generate a 2048 RSA Private Key and store it in the file www.mydomain.com.key.

PART 2: Generating the CSR

Step 1 of 3

Type the following command at the prompt:

openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr

Please note:You will be prompted for the PEM Pass Phrase if you included the -des3 command. Type it in now.

Please note: There is a known issue with Apache/OpenSSL Windows Based Installations. If you receive an error with the above command, Please enter the following:

openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr -config openssl.cnf

Step 2 of 3

Input the information for the Certificate Signing Request. This information will be displayed in the certificate.

Please note:The following characters cannot be accepted: < > ~ ! @ # $ % ^ / ( ) ?.,&

Country Name (2 letter code) [AU]:GB

State or Province Name (full name) [Some-State]:London

Locality Name (eg, city) []:London

Organization Name (eg, company) [GX Networks Ltd]:Webfusion

Organizational Unit Name (eg, section) []:IT

Common Name (eg, YOUR name) []:www.globalsign.net (Must be the FQDN – Fully Qualifed Domain Name)

Important: DO NOT Enter the following:

Email Address []:

A challenge password []:

An optional company name []:

Step 3 of 3

Please verify the CSR, to ensure all information is correct. Use the following command:

openssl req -noout -text -in www.mydomain.com.csr

The CSR will now be created.

Related Support Material:

How do I generate a CSR (Certificate Signing Request)?