Lesson 38: Generate Certificate Signing Request (CSR) for Apache2

Students lesson 38 assignment: How do you create a certificate signing request for Apache2 on Linux systems?

Creating a certificate signing request (CSR) is the first step in acquiring a trusted SSL/TLS certificate for your domain. If you need to protect the information being transferred between your web server and your clients' browsers, you must install an SSL/TLS certificate.

Before you can get an SSL certificate, you must first create a CSR and provide it to the certificate provider. The provider will then use the request to generate a certificate for your server.

The CSR contains information that will be used to create the certificate. This includes the organization name, common name (domain), locality, country and more.

It also contains the public key that is used to generate the certificate. A private key is created at the same time as the CSR.

This brief tutorial is going to show you how to easily generate a Certificate Signing Request for your Apache2 servers on Linux systems.

Step 1: Creating CSR for Apache2 web server

When you’re ready to protect your website with an SSL/TLS certificate, you must first generate a certificate signing request. This request contains the information that is needed to generate a trusted certificate.

To generate a certificate signing request for the Apache2 web server on Linux systems, log on to your computer as root and run the command below.

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

When you press the Enter key, you’ll be asked a series of questions related to the certificate you’re requesting. The sample session below gives you an idea of the fields and the values to enter.

Generating a 2048 bit RSA private key
writing new private key to 'yourdomain.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Minnesota
Locality Name (eg, city) []:Minneapolis
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Blog Company
Organizational Unit Name (eg, section) []:SSL
Common Name (e.g. server FQDN or YOUR name) []:yourdomain.com
Email Address []:admin@mydomain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

It is important that you leave the password field above blank, or you’ll always be prompted after restarting the Apache2 server.

This command creates the request as well as the server’s private key. The private key must be protected and kept very safe. This is very important.

Step 2: Send the CSR content to your certificate provider

After creating the request above, look in the directory where you ran the command and you’ll find a file named after your domain, called yourdomain.csr.

Open yourdomain.csr to view its content. Then copy and paste it to your certificate provider.

cat yourdomain.csr


Copy the entire content from the BEGIN to the END.
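
The steps above can also be run without the prompts and checked before anything is pasted to the provider. The script below is an added example, not part of the original lesson: it runs the Step 1 command with the answers passed through -subj, then confirms that the CSR is intact, that it carries the public key of the private key staying on the server, and that the key file is readable by its owner only. The function names are hypothetical and the domain and subject values are the placeholders from the sample session.

```sh
#!/bin/sh
# Added example (not from the original lesson). Domain and subject values
# are the placeholders from the sample session; replace them with your own.

# make_csr <domain> <dir>: the Step 1 command with the prompts answered via
# -subj. -nodes writes the private key unencrypted, so the umask makes sure
# the new key file is readable by its owner only.
make_csr() {
    (
        umask 077
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$2/$1.key" -out "$2/$1.csr" \
            -subj "/C=US/ST=Minnesota/L=Minneapolis/O=My Blog Company/OU=SSL/CN=$1" \
            2>/dev/null
    )
}

# csr_signature_ok <csr>: a CSR is signed with its own private key; a failed
# check means the file was truncated or altered.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key <csr> <key>: the public key inside the CSR must be the one
# derived from the private key that will later be installed in Apache2.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# key_mode <key>: permission string of the key file, e.g. -rw-------
key_mode() {
    ls -l "$1" | cut -c1-10
}

# check_csr <domain> <dir>: run every check before the CSR is sent.
check_csr() {
    csr_signature_ok "$2/$1.csr" || { echo "CSR signature check failed"; return 1; }
    csr_matches_key "$2/$1.csr" "$2/$1.key" || { echo "CSR and key differ"; return 1; }
    [ "$(key_mode "$2/$1.key")" = "-rw-------" ] || { echo "key file is too open"; return 1; }
    echo "OK: $1.csr can be sent; $1.key stays on the server"
}

# Demo in a throwaway directory (constructed input, removed afterwards).
d=$(mktemp -d) && make_csr yourdomain.com "$d" && check_csr yourdomain.com "$d"
rm -rf "$d"
```

Only the .csr file goes to the certificate provider; the .key file never leaves the server.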

That’s it! In our next post we’ll show you how to install the certificate after you receive it.

Thanks for reading and please come back soon.
