Knowledge Base
Generating a CSR on Apache: A Step-by-Step Guide
Generating a CSR on Apache: A Step-by-Step Guide
This guide will walk you through the process of generating a Certificate Signing Request (CSR) on an Apache server. Follow these steps carefully to ensure a successful CSR generation.
Step 1: Access Your Server
Connect to your server's terminal using Secure Shell (SSH). This allows you to execute commands directly on your server.
Step 2: Generate Private Key and CSR
Once connected, use the OpenSSL utility to create your private key and CSR files.
- At the command prompt, enter the following:
|
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
|
- Replace yourdomain with your actual domain name. For example: If your domain is sectigo.com, you can use
|
openssl req -new -newkey rsa:2048 -nodes -keyout sectigo.key -out sectigo.csr
|
Command Explanation:
- openssl: The command-line tool for using OpenSSL's cryptography library
- req: Specifies a certificate request and certificate generating utility
- -new: Generates a new certificate request
- -newkey rsa:2048: Creates a new 2048-bit RSA key for the certificate
- -nodes: Creates a key without a passphrase
- -keyout: Specifies the filename for the private key
- -out: Specifies the filename for the CSR
Step 3: Provide Certificate Details
After executing the command, you'll be prompted to enter information for your certificate. Provide accurate details about your organization:
- Country Name: Enter the two-letter country code https://countrycode.org/ (e.g., US for United States).
- State or Province Name: Provide the full name of your state or region.
- Locality Name: Enter the name of your city or town.
- Organization Name: Input your company's officially registered name.
- Organizational Unit Name: Typically "IT" or "Web Administration".
- Common Name: Enter your Fully Qualified Domain Name (FQDN).
- Email Address: Provide a valid email address.
Note: For optional fields (challenge password and optional company name), simply press Enter to leave them blank.
Step 4: File Generation
Upon completion, OpenSSL will generate two files:
- Private Key File: Named yourdomain.key, contains your private key.
- CSR File: Named yourdomain.csr, contains your CSR code.
Important: Keep your private key file secure. You'll need it later for SSL certificate installation.
Step 5: Verify CSR Content (Optional)
To ensure the CSR was generated correctly, you can view its contents:
|
openssl req -text -noout -verify -in yourdomain.csr |
This command displays the CSR's content and verifies its integrity.
You have successfully generated a CSR on your Apache server. Use the .csr file when applying for your SSL certificate from Sectigo or another Certificate Authority. Remember to securely store your private key (.key file) as you'll need it during the SSL certificate installation process.
¿Necesita ayuda?
¿Necesita ayuda para realizar una compra? Póngase en contacto con nosotros hoy mismo para obtener su certificado de inmediato.
Chat en directo
¡Haz clic en el botón de abajo o en «Chatear con un experto» para empezar a chatear con nosotros ahora!
