Creating Certificate Signing Requests (CSR) on Ubuntu 16.04 LTS Servers

When you want to install domain SSL/TLS certificates on your websites, you need to send a certificate signing request file to the certificate authority.

A certificate signing request (CSR) is the first step you take in acquiring trusted SSL/TLS certificates for your domain. Before you can obtain an SSL certificate, you must first create a CSR file and provide it to the certificate authority. The authority will then use the request to generate a certificate for your server.

The CSR contains information that will be used to create the certificate, including the organization name, common name (domain), locality, country and more.

It also contains the public key that is used to generate the certificate. A private key is also created at the time the CSR is created.

This brief tutorial is going to show you how to easily generate a Certificate Signing Request for your Ubuntu 16.04 LTS servers.

Step 1: Creating CSR on Ubuntu 16.04

When you’re ready to protect your website with an SSL/TLS certificate, you must first generate a certificate signing request. This request contains the information that is needed to generate a trusted certificate.

To generate a certificate signing request for the Apache2 web server on Linux systems, log on to your computer as root and run the command below.

openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

When you press the Enter key, you’ll be asked a series of questions related to the certificate you’re requesting. The sample session below gives you an idea of how to answer them.

Generating a 2048 bit RSA private key
........+++
.....................+++
writing new private key to 'example.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:Brooklyn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:EXAMPLE.COM
Organizational Unit Name (eg, section) []:SSL Unit
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:webmaster@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

It is important that you leave the password field blank above, or you’ll always be prompted when you restart the web server.

This command creates the CSR file as well as the server’s private key file. The private key must be protected and kept very safe. This is very important.
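Before sending the request in Step 2, it is worth confirming that the two files from the command above are consistent and that the key is locked down. The script below is an added example, not part of the original tutorial; the function name check_csr is hypothetical, and it assumes the openssl command-line tool is installed.

```bash
#!/bin/bash
# Pre-submission checks for a key/CSR pair created with the command in Step 1.
# Usage: check_csr <private-key> <csr> <expected-common-name>
check_csr() {
    key=$1 csr=$2 want_cn=$3 rc=0

    # 1. The CSR's self-signature must verify (it was not truncated or altered).
    #    Older OpenSSL releases exit 0 even on failure, so match the message.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: CSR self-signature does not verify"; rc=1
    fi

    # 2. The public key inside the CSR must belong to this private key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$csr_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: CSR public key does not match $key"; rc=1
    fi

    # 3. The Common Name must be the domain you intend to protect. The pattern
    #    accepts both the "/CN=x" (old) and "CN = x" (new) subject layouts.
    cn=$(openssl req -in "$csr" -noout -subject 2>/dev/null |
         sed -n 's|.*CN *= *\([^,/]*\).*|\1|p')
    if [ "$cn" != "$want_cn" ]; then
        echo "FAIL: Common Name is '$cn', expected '$want_cn'"; rc=1
    fi

    # 4. The unencrypted key (-nodes) must not be accessible to group or others.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/others; run chmod 600"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $csr is ready to send"
    return "$rc"
}

# Run against real files when called with three arguments, for example:
#   ./check_csr.sh example.com.key example.com.csr example.com
if [ "$#" -eq 3 ]; then check_csr "$@"; fi
```

Only the CSR goes to the certificate authority; the key file stays on the server.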

Step 2: Send the CSR content to your Certificate Authority

After creating the request above, look in the directory where you ran the command and you’ll find a file named after your domain, called example.com.csr.

Open the example.com.csr to view the content. Then copy and paste it to your certificate provider.

cat example.com.csr

-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----

Copy the entire content from the BEGIN line to the END line and send it to the certificate authority. The authority will use the file to create the certificate you purchased and send it back to you. You then install the certificate on the domain you want to protect.

Enjoy!
