Generate a CSR (Certificate Signing Request) on your server when you want to get a certificate from a certified provider is often a mandatory step, very easy to execute.
Here are the different steps to execute:
- Create a specific directory where you will put all your files
mkdir sub.domain.com && cd sub.domain.com
- Generate a private key of 2048 bits
openssl genrsa -out sub.domain.com.key 2048
- Now generate a CSR with openssl and with the private key you just generated
openssl req -new -sha256 -key sub.domain.com.key -out sub.domain.com.csr
Many information will be asked during the creation:
Country Name (2 letter code) []: State or Province Name (full name) []: Locality Name (eg, city) []: Organization Name (eg, company) []: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []: Email Address []: A challenge password []: An optional company name []:
- You now have your CSR and your private key
It’s up to you to get your signed certificate from an official provider using those files.