Question: My SSL certificate company needs a CSR, how do I get a CSR?

Most SSL distributors will ask for a CSR when you try to purchase a certificate from them. Follow these instructions to generate a CSR for your domain.

1. SSH into your webserver with your login name and password. 2. Create a directory to store your certificate key, certificate CSR, and certificate.

mkdir certs ; cd certs

3. Type the following command to generate your RSA private key, please adjust the filename 'domainname.key' accordingly.

openssl genrsa -out domainname.key 2048

4. Type the following command to create a CSR with the RSA private key, adjusting the filenames for your domain name (output will be PEM format):

openssl req -new -sha256 -key domainname.key -out domainname.csr

5. When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

• Common Name - The fully qualified domain name for your web server. This must be an exact match.
  Example: If you intend to secure the URL https://www.geotrust.com, then your CSR's common name must be www.geotrust.com.
  
  

  Organization - The exact legal name of your organization. Do not abbreviate your organization name.
  Example: GeoTrust
  
  

  Organization Unit - Section of the organization.
  

  • Example: Marketing
    
    

  City or Locality - The city where your organization is legally located.
  

  • Example: Wellesley Hills
    
    

  State or Province - The state or province where your organization is legally located. Can not be abbreviated.
  

  • Example: Massechusetts
    
    

  Country - The two-letter ISO abbreviation for your country.
  

  • Example: US
    
    

6. Do not enter extra attributes at the prompt.