Generate a CSR (Certificate Signing Request) on your server when you want to get a certificate from a certified provider is often a mandatory step, very easy to execute.
Here are the different steps to execute:
- Create a specific directory where you will put all your files
mkdir sub.domain.com && cd sub.domain.com
- Generate a private key of 2048 bits
openssl genrsa -out sub.domain.com.key 2048
- Now generate a CSR with openssl and with the private key you just generated
openssl req -new -sha256 -key sub.domain.com.key -out sub.domain.com.csr
Many information will be asked during the creation:
Country Name (2 letter code) : State or Province Name (full name) : Locality Name (eg, city) : Organization Name (eg, company) : Organizational Unit Name (eg, section) : Common Name (eg, YOUR name) : Email Address : A challenge password : An optional company name :
- You now have your CSR and your private key
It’s up to you to get your signed certificate from an official provider using those files.