Generating a CSR using Apache (openSSL)

The following steps will guide you in how to generate a CSR using an Apache Server and OpenSSL

Note: You must be logged in as root via SSH to the server to do this.

Part 1: generating the private key

Ensure you’re in the home folder
cd ~
Create a folder for your CSR, and Private Key
mkdir /www.mydomain.com; cd /www.mydomain.com;
Generate the key pair using OpenSSL
openssl genrsa -des3 -out www.mydomain.com.key 2048
Tip: If you’re intending on using your SSL certificate on a web server, to reduce the need to enter a password each time you restart the system, you can simply omit the -des3 command
Enter the PEM Pass Phrase (this must not be lost or your Private Key will be lost).

step1

You will now have generated a 2048 BIT RSA Private Key and saved it to the file www.mydomain.com.key

Part 2: Genrating the CSR

Type the following command at the prompt:
openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
Note: You will be prompted for the PEM passphrase from Part 1 if you entered one.

Input the information for the certificate signing request, this information may be displayed in the certificate.

Note: The following characters cannot be accepted: < > ~ ! @ #€ $ ^ * / ` ( ) ? . , %

step2

TIP: For wildcards enter *.domain.comIf your domain has no prefix, such as domain.com enter is as www.domain.com and you will get domain.com added on as a SAN entry

Please verify the CSR, to ensure all information is correct, use the following command:
openssl req -noout -text -in www.mydomain.csr

The CSR will now be created and can be submitted to the certificate portal