Certificate Signing Request (CSR) is a step necessary during the installation of a Secure Sockets Layer (SSL) certificate for your website. It contains information that is necessary for the Certificate Authority (CA) to build your SSL certificate.
How you generate the CSR will depend on the web server in use. This guide covers CSR generation on Apache, Nginx, and Microsoft IIS.
Note: The process for Apache and Nginx is the same.
Generating CSR on Apache and Nginx
- Step 1. Connect to your server using Secure Shell (SSH).
- Step 2. Enter the following command to begin CSR generation:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
- Step 3. Fill in the requested information (See “Guide to CSR Information Required” below). You can safely ignore the “Optional” fields following “Email Address.”
- Step 4. Click on the “Generate” button.
This step will complete the process and save your CSR information into the filenames specified in Step 2 above (yourdomain.key and yourdomain.csr). You can open the files with a plain text editor – the contained information is necessary to create your SSL certificate.
Generating CSR on Microsoft IIS
- Step 1. Connect to your Microsoft Exchange Admin Center.
Once logged in, select “Servers” from the left navigation menu and choose the “Certificates” option.
- Step 2. Start the process by clicking the “+” or “>” icon, which will launch the Exchange Certificate wizard.
- Step 3. At the “Server Certificates” display, click on the “Create Certificate Request” link on the right-hand navigation panel. This step launches the Request Certificate Wizard.
- Step 4. On the Distinguished Name Properties screen, complete the CSR information required (See “Guide to CSR Information Required” below). Click “Next” when done.
- Step 5. On the Cryptographic Service Provider Properties screen, select “Microsoft RSA SChannel Cryptographic Provider” with a Bit Length of 2048. Click “Next” when done.
- Step 6. You can now save the information in a filename and location of your choice. Click “Finish” to complete the process.
Guide to CSR Information Required
During the CSR generation process, you need to complete the information necessary for SSL certificate issuance. This information includes:
- Country: The country code should be a two-character ISO code for the location. For example, the code for the United States will be “US”.
- State or Province: The name of the state in which the business is (or registered). Complete the name in full, do not abbreviate the name.
- City or Locality: The city name in which the business is (or registered). Complete the name in full, do not abbreviate the name.
- Organization: For personal use, this should be the name of the person requesting the certificate. If an entity owns the website, it should be the legal business name.
- Organization Unit: This is the trade name of the business or the name it operates under (if different from the legal business name).
- Common Name: This is the complete domain name you wish to cover with the SSL. For example, yourdomain.com, mail.yourdomain.com, or *.yourdomain.com. The use of an asterisk as part of the domain name is only for Wildcard SSL certificates.
Email Address: Enter the email address for the administrator of the domain name.