Knowledge Base
Categories: Security
Generating a CSR for Apache using OpenSSL and mod_ssl
Want to create a CSR for Apache server? Don't panic, we shall guide you step by step. OpenSSL and mod_ssl are here to spare you the trouble, it is simpler than you think. Securing your site is the next step!
How to Generate CSR for Apache Server Using OpenSSL and mod_ssl
Below are the instructions to create a CSR for Apache Server using OpenSSL and mod_ssl:
- Log into your server and enter the following command:
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
This creates two files:- CSR called server.csr
- The file myserver.key contains a private key.
- Do not disclose this file to anyone.
- Be sure to save the private key since there is no way to retrieve it if it is lost. The private key is required as input when generating a Certificate Signing Request (CSR).
- You will now need to provide information for inclusion in your CSR.
Field Example Country Name (2-letter code) [AU] GB State or Province Name (full name) [Some-State] Yorks Locality Name (city) [] York Organization Name (company) [Internet Widgits Pty Ltd]: MyCompany Ltd Organizational Unit Name (section) [ ] IT Common Name (domain name of website) [ ] mysubdomain.mydomain.com Email Address [ ] [email protected] Please enter the following extra attributes to be sent with your certificate request:
- • A challenge password
- • An optional company name
- • The Common Name or CN field is where you can enter the fully qualified domain name of a website, which requires the certificate.
Note: The Common Name should be in this format mydomain.com for wildcard certificates. These fields can be left blank for a web server certificate: email address, optional company name, and challenge password.
- Your CSR will now have been created.
- To open the server.csr, you can use a text editor. Then, copy and paste the contents into the online enrollment form when requested. Alternatively, you may issue this command:
openssl req -nodes -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr
-subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"
Note: The key will not be encrypted with a DES pass phrase if the -nodes is inputted.
The myserver.key file should be kept secure, such as readable only by root on Linux systems. Removing the -nodes option from the openssl command will request a password and encrypt the private key. This can increase security, but note that the password will be required each time Apache is restarted.
The myserver.key file should be kept secure, such as readable only by root on Linux systems. Removing the -nodes option from the openssl command will request a password and encrypt the private key. This can increase security, but note that the password will be required each time Apache is restarted.
Important: If you need more information on how to generate a CSR for Apache with mod_ssl and OpenSSL, please contact your hosting provider.
Review
And there you have it! You've successfully generated a CSR for your Apache server. Now you're one step closer to getting that SSL certificate and boosting your website's security. Remember, if you hit any snags, your hosting provider is there to help.
* Your feedback is too short