How To Create A Certificate Signing Request (CSR) For SSL

Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security over the Internet. SSL creates a secure connection between a client and a server. From 1st October all Facebook apps have to support SSL. For that I had to set up SSL on many clients' servers. This “how to” has two parts: in this post I will show you how to create a CSR, and in the next post I will show how to set up SSL on an Ubuntu server, both name-based and IP-based. The first part is to generate a CSR file and send it to the company that issues CRT files from this CSR.

You need to do the following steps

Generate a KEY file

Generate the CSR file.

First install OpenSSL on your server

apt-get install openssl
apt-get install libssl-dev

Sometimes you have to install ca-certificates yourself, though it is supposed to be installed automatically. Enter the following command to install ca-certificates

apt-get install ca-certificates

First create a folder for our certificates

mkdir ~/domainname.com.ssl/
cd ~/domainname.com.ssl/

You can use OpenSSL to generate both the KEY and the CSR file. You first need to create a KEY file in order to create a CSR file. To generate a KEY file, do this:

openssl genrsa -out ~/domainname.com.ssl/domainname.com.key 2048

Now create the CSR file

openssl req -new -key ~/domainname.com.ssl/domainname.com.key -out ~/domainname.com.ssl/domainname.com.csr

It will ask you a series of questions

Common Name – This is not the owner’s name. The correct value is your domain URL, e.g. www.domain.com
Organization Name – The exact legal name of your organization. Do not abbreviate.
Organization Unit – Section of the organization (not really important, up to you).
City or Locality – The city where your organization is located. Do not abbreviate
State or Province – The state or province where your organization is legally located.
Country – The two-letter country code.

DN Field | Explanation | Example
Common Name | The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR’s common name must be www.yourdomain.com. If you plan on getting a Wildcard certificate make sure to prefix your domain with a ‘*’ ex. *.domain.com |
Organization | The exact legal name of your organization. Do not abbreviate your organization name. | domain.com
Organization Unit | Section of the organization | IT
City or Locality | The city where your organization is legally located. | Wellesley Hills
State or Province | The state or province where your organization is legally located. Can not be abbreviated. | Massachusetts
Country | The two-letter ISO abbreviation for your country. | US

* Warning: Leave the challenge password blank (press enter)

All SSL providers need the content of the CSR file to generate the CRT file. You can view it with

nano ~/domainname.com.ssl/domainname.com.csr
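
A non-interactive version of the key and CSR steps, with the checks worth running before the CSR is sent to the provider. This is an added example, not the author's code: the function names are hypothetical, and the subject values are the placeholders used on this page.

```shell
#!/bin/sh
# Added example: generate the key and CSR without prompts, then check the CSR.
# Function names are hypothetical; domainname.com is the page's placeholder.

# make_csr DIR DOMAIN SUBJECT -> writes DIR/DOMAIN.key and DIR/DOMAIN.csr
make_csr() {
    dir=$1; domain=$2; subject=$3
    mkdir -p "$dir" || return 1
    # Create the private key under a restrictive umask so only the owner
    # can read it; the CSR is public, the key never leaves the server.
    ( umask 077
      openssl genrsa -out "$dir/$domain.key" 2048 2>/dev/null ) || return 1
    # -subj answers the DN questions up front; no challenge password is set.
    openssl req -new -key "$dir/$domain.key" -subj "$subject" \
        -out "$dir/$domain.csr"
}

# Print the Common Name stored in a CSR.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject=[[:space:]]*CN=\([^,]*\).*/\1/p'
}

# Succeed only if the CSR's self-signature verifies (file not corrupted).
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Succeed only if the CSR carries the public half of the given private key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# csr_ready CSR KEY EXPECTED_CN -> 0 when the CSR is safe to submit.
csr_ready() {
    [ "$(csr_common_name "$1")" = "$3" ] || { echo "CN mismatch" >&2; return 1; }
    csr_signature_ok "$1" || { echo "bad CSR signature" >&2; return 1; }
    csr_matches_key "$1" "$2" || { echo "CSR/key mismatch" >&2; return 1; }
}
```

Call make_csr with a subject such as "/C=US/ST=Massachusetts/L=Wellesley Hills/O=domain.com/OU=IT/CN=www.domainname.com", then run csr_ready on the result; only the .csr file is sent to the provider.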


04. October 2011 by Zakir Hyder
Categories: Linux, Server Management
