Generating a CSR using Apache (openSSL)

The following steps will guide you in how to generate a CSR using an Apache Server and OpenSSL

Note: You must be logged in as root via SSH to the server to do this.

Part 1: generating the private key

Ensure you’re in the home folder
cd ~
Create a folder for your CSR, and Private Key
mkdir /; cd /;
Generate the key pair using OpenSSL
openssl genrsa -des3 -out 2048
Tip: If you’re intending on using your SSL certificate on a web server, to reduce the need to enter a password each time you restart the system, you can simply omit the -des3 command
Enter the PEM Pass Phrase (this must not be lost or your Private Key will be lost).


You will now have generated a 2048 BIT RSA Private Key and saved it to the file

Part 2: Genrating the CSR

Type the following command at the prompt:
openssl req -new -key -out
Note: You will be prompted for the PEM passphrase from Part 1 if you entered one.

Input the information for the certificate signing request, this information may be displayed in the certificate.

Note: The following characters cannot be accepted: < > ~ ! @ #€ $ ^ * / ` ( ) ? . , %


TIP: For wildcards enter *.domain.comIf your domain has no prefix, such as enter is as and you will get added on as a SAN entry

Please verify the CSR, to ensure all information is correct, use the following command:
openssl req -noout -text -in www.mydomain.csr

The CSR will now be created and can be submitted to the certificate portal