Generate a CSR (Certificate Signing Request) on your server when you want to get a certificate from a certified provider is often a mandatory step, very easy to execute.
Here are the different steps to execute:
- Create a specific directory where you will put all your files
1mkdir sub.domain.com && cd sub.domain.com
- Generate a private key of 2048 bits
1openssl genrsa -out sub.domain.com.key 2048
- Now generate a CSR with openssl and with the private key you just generated
1openssl req -new -sha256 -key sub.domain.com.key -out sub.domain.com.csr
Many information will be asked during the creation:
123456789Country Name (2 letter code) :State or Province Name (full name) :Locality Name (eg, city) :Organization Name (eg, company) :Organizational Unit Name (eg, section) :Common Name (eg, YOUR name) :Email Address :A challenge password :An optional company name :
- You now have your CSR and your private key
It’s up to you to get your signed certificate from an official provider using those files.