Certificate Signing Request (CSR) on Linux

This is a quick overview of how I create CSRs for obtaining SSL certificates.

Create a directory for storing your SSL assets.

cd /etc/apache2 && mkdir ssl && cd ssl

Create a private key.

openssl genrsa -out jasonsnider.com.key 2048

Create a signing request.

openssl req -new -key jasonsnider.com.key -out jasonsnider.com.csr

For most certificate authorities (CA) (I use RapidSSL) you will sign the certificate with your two-letter country code, your full state, and a city with no abbreviations and your organization's name. The "Organizational Unit Name" is probably not going to be required and the "Common Name" is the domain you are requesting a certificate for. For many CAs a certificate created for www.example.com will cover example.com as well.

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Illinois
Locality Name (eg, city) []:Chicago
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Jason Snider   
Organizational Unit Name (eg, section) []:               
Common Name (e.g. server FQDN or YOUR name) []:www.jasonsnider.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

LinkedInGitHubTwitter