Generating certificate signing request

Generating Certificate Signing Request (CSR) using Apache Mod_SSL/OpenSSL

A CSR is a file containing your certificate application information, including your Public Key. As root, to generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, “server”, use the following command :

This creates two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key. In particular, be sure to backup the private key, as there is no means to recover it. The private key is used as input in the command to generate a Certificate Signing Request (CSR). You will now be asked to enter details to be entered into your CSR. What you are about to enter is what is called a Distinguished Name or a DN. For some fields there will be a default value, If you enter ‘.’, the field will be left blank.

Enter the following ‘extra’ attributes to be sent with your certificate request

Here, the Common Name (CN) is the most important which should be what you wanted to run over https. For example – if you wanted to have http://www.egg.com to https://www.egg.com then CN should be www.egg.com but not just egg.com. http://www.egg.com and http://egg.com has different meaning though web server may serve same contents. The fields email address, optional company name and challenge password can be left blank for a webserver certificate. Now CSR is created and send to your requester.