Help Center

  1. StackPath Help
  2. SSL
  3. Advanced User Guides

Generate a CSR for Custom SSL Certifications

Avatar
Joelle Lanke
Updated:

Overview

You can use this document to learn how to create a (Certificate Signing Request) CSR for domains that use web servers, such as Apache or Nginx. 

A CSR is the first step to obtain an SSL certificate. A CSR is a standardized request with information the Certificate Authority (CA) needs before issuing an SSL.

A CSR is composed of three parts:

  • A private key
  • A public key
  • A distinguished name (basic organizational information)

Step 1: Create an RSA Private Key and CSR

  1. From the command line, log into your server. 
  2. Enter the following command: 
    $ openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
    • domain.key represents the name of the private key file.
    • domain.csr represents the name of the CSR file. You can choose other names in place of domain.
    • The key strength is represented by rsa:2048. As an option, you can choose another value
  3. Press Enter. You will see a message that a 2048 bit RSA private key is being generated and is being written to the file that you previously specified.  

Screen_Shot_2020-04-03_at_1.41.50_PM.png

Step 2: Enter a distinguished name

The CA uses the distinguished name to identify you and your server. 

To create a distinguished name, enter the following required information: 

  • Country Name: Your two-letter country code.
  • State or Province Name: Full name of your state or province.
  • Locality Name: Full name of your city or town.
  • Organization Name: The name of your company or organization.
  • Common Name: Your Fully Qualified Domain Name (FQDN)

As an optional step, enter the following optional information: 

  • Email Address
  • Challenge Password
  • Optional Company Name
  • Organizational Unit Name

After you enter the above information, your CSR is complete. To review your CSR's information, you can use the following command: 

$ openssl req -noout -text -in domain.csr

Step 3: Send your CSR to the CA

To obtain an SSL certificate, you must send your CSR to a CA. 

Review the following example of how to send a CSR to Sectigo. 

  1. With a text editor, open your CSR. 
  2. Copy the text between BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST.

    Screen_Shot_2020-04-03_at_1.37.47_PM.png

  3. After you have purchased and selected the Sectigo SSL of your choice, navigate to the Manage tab, and select Setup Sectigo SSL Certificate.
  4. Paste the CSR text you previously copied in the section labeled CSR under Server Information.
  5. Continue to follow the steps provided to set up your SSL certificate.
Was this article helpful?

Related articles

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Contact Us