Overview
You can use this document to learn how to create a (Certificate Signing Request) CSR for domains that use web servers, such as Apache or Nginx.
A CSR is the first step to obtain an SSL certificate. A CSR is a standardized request with information the Certificate Authority (CA) needs before issuing an SSL.
A CSR is composed of three parts:
- A private key
- A public key
- A distinguished name (basic organizational information)
Step 1: Create an RSA Private Key and CSR
- From the command line, log into your server.
- Enter the following command:
$ openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
domain.key
represents the name of the private key file.domain.csr
represents the name of the CSR file. You can choose other names in place ofdomain
.- The key strength is represented by
rsa:2048
. As an option, you can choose another value - Press Enter. You will see a message that a 2048 bit RSA private key is being generated and is being written to the file that you previously specified.
Step 2: Enter a distinguished name
The CA uses the distinguished name to identify you and your server.
To create a distinguished name, enter the following required information:
- Country Name: Your two-letter country code.
- State or Province Name: Full name of your state or province.
- Locality Name: Full name of your city or town.
- Organization Name: The name of your company or organization.
- Common Name: Your Fully Qualified Domain Name (FQDN)
As an optional step, enter the following optional information:
- Email Address
- Challenge Password
- Optional Company Name
- Organizational Unit Name
After you enter the above information, your CSR is complete. To review your CSR's information, you can use the following command:
$ openssl req -noout -text -in domain.csr
Step 3: Send your CSR to the CA
To obtain an SSL certificate, you must send your CSR to a CA.
Review the following example of how to send a CSR to Sectigo.
- With a text editor, open your CSR.
- Copy the text between
BEGIN CERTIFICATE REQUEST
andEND CERTIFICATE REQUEST
.
- After you have purchased and selected the Sectigo SSL of your choice, navigate to the Manage tab, and select Setup Sectigo SSL Certificate.
- Paste the CSR text you previously copied in the section labeled CSR under Server Information.
- Continue to follow the steps provided to set up your SSL certificate.