Generating a Certificate Signing Request
Generate the RSA key
Run the following commands to create a directory in which to store your RSA key, substituting a directory name of your choice:
Run the following command to generate a private key:
openssl genrsa -out ~/my_ssl/my.domain.com.key 2048
Create a CSR
Type the following command to create a CSR with the RSA private key (output is in PEM format):
openssl req -new -sha256 -key ~/my_ssl/my.domain.com.key -out ~/my_ssl/my.domain.com.csr
When prompted, enter the necessary information for creating a CSR by using the conventions shown in the following table.
The fully qualified domain name for your web server. This must be an exact match.
If you intend to secure the URL https://www.yourdomain.com, then your CSR’s common name must be www.yourdomain.com. If you plan to get a wildcard certificate, make sure to prefix your domain name with an asterisk, for example: *.domain.com.
The exact legal name of your organization. Do not abbreviate your organization name.
Section of the organization.
City or Locality
The city where your organization is legally located.
State or Province
The state or province where your organization is legally located. Do not use an abbreviation.
The two-letter ISO abbreviation for your country.
Verify your CSR
Run the following command to verify your CSR:
openssl req -noout -text -in ~/my_ssl/my.domain.com.csr