Generate the RSA key
Run the following commands to create a directory in which to store your RSA key, substituting a directory name of your choice:
mkdir ~/domain.com.ssl/
cd ~/domain.com.ssl/
Run the following command to generate a private key:
openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048
Create a CSR
Type the following command to create a CSR with the RSA private key (output is in PEM format):
openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr
When prompted, enter the necessary information for creating a CSR by using the conventions shown in the following table.
Note: The following characters cannot be used in the Organization Name or the Organizational Unit: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&
DN field | Explanation | Example |
---|---|---|
Common Name | The fully qualified domain name for your web server. This must be an exact match. | If you intend to secure the URL https://www.yourdomain.com, then your CSR’s common name must be www.yourdomain.com. If you plan to get a wildcard certificate, make sure to prefix your domain name with an asterisk, for example: *.domain.com. |
Organization Name | The exact legal name of your organization. Do not abbreviate your organization name. | domain.com |
Organizational Unit | Section of the organization. | IT |
City or Locality | The city where your organization is legally located. | Wellesley Hills |
State or Province | The state or province where your organization is legally located. Do not use an abbreviation. | Massachusetts |
Country | The two-letter ISO abbreviation for your country. | US |
Warning: Leave the challenge password blank (press Enter).
Verify your CSR
Run the following command to verify your CSR:
openssl req -noout -text -in ~/domain.com.ssl/domain.com.csr
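The key, CSR and verification steps above as one non-interactive script, added here as an example (not part of the original page). It rejects the characters the note lists for Organization Name and Organizational Unit, creates the key under a restrictive umask, and confirms the CSR is self-signed by the key you generated. The function names, the NAME argument and the sample DN values in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Succeeds only if $1 is non-empty and contains none of the characters the
# note above forbids in Organization Name / Organizational Unit (set as printed).
dn_field_ok() {
    [ -n "$1" ] || return 1
    stripped=$(printf '%s' "$1" | tr -d '<>~!@#$%^*/\\()?.,&')
    [ "$stripped" = "$1" ]
}

# Country must be exactly two letters (the ISO abbreviation, e.g. US).
country_ok() {
    case "$1" in [A-Z][A-Z]) return 0 ;; *) return 1 ;; esac
}

# csr_matches_key KEY CSR: the CSR's self-signature verifies and its public
# key is the one derived from KEY.
csr_matches_key() {
    openssl req -in "$2" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl req -in "$2" -noout -pubkey)" ]
}

# make_csr DIR NAME CN ORG OU LOCALITY STATE COUNTRY
# Writes DIR/NAME.key and DIR/NAME.csr without prompting. Supplying -subj
# means no challenge password is requested.
make_csr() {
    dir=$1 name=$2 cn=$3 org=$4 ou=$5 loc=$6 st=$7 c=$8
    dn_field_ok "$org" && dn_field_ok "$ou" ||
        { echo "forbidden character in O or OU" >&2; return 2; }
    country_ok "$c" || { echo "country must be two letters" >&2; return 2; }
    key="$dir/$name.key"; csr="$dir/$name.csr"
    # umask 077: the directory and private key are readable by the owner only.
    ( umask 077 && mkdir -p "$dir" &&
      openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$key" -out "$csr" \
        -subj "/C=$c/ST=$st/L=$loc/O=$org/OU=$ou/CN=$cn" || return 1
    csr_matches_key "$key" "$csr"
}

# Usage (constructed values):
#   make_csr ~/domain.com.ssl domain.com www.yourdomain.com \
#       "Example Org" IT "Wellesley Hills" Massachusetts US
```

Only the .csr file is sent to the certificate authority; the .key file stays on the server.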
Submit your CSR
Submit the CSR that you created to a certificate authority.
Troubleshooting:
A really cool list of commands you can run here