To generate a CSR for your domain, first create a file named config.txt in your account. Then open that file and add the following lines to it:

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
C = your_country_code
ST = your_state
L = your_city
O = your_company_name
OU = IT Dept.
CN = yourdomainname.com

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.yourdomainname.com

In the above, replace:
- your_country_code – The ISO country code your organization is registered in. The code is 2 characters long;
- your_state – The state/province the company is registered in;
- your_city – The city the company is registered in;
- your_company_name – The full name of your company;
- yourdomainname.com – Your domain name. Note that you should replace this twice in the file.
To add more Subject Alternative Names (SANs) to the CSR, add more DNS lines at the bottom of the file, for example:

DNS.2 = myotherdomainname.com
DNS.3 = www.myotherdomainname.com

Save the changes and access your account via SSH. Then navigate to the location where you saved the config.txt file and run the following command:
openssl req -new -out certificate.csr -newkey rsa:2048 -nodes -sha256 -keyout certificate.key -config config.txt
This will create two new files:
- certificate.csr – this file contains the Certificate Signing Request;
- certificate.key – this file contains the Private Key that you will need during the installation of the SSL certificate.
Deleting the file with the private key from your account once you have copied it somewhere safe is strongly advisable for security reasons.
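
Before sending the CSR to a certificate authority, you can confirm that it carries the SANs you listed and that it was generated from the key you are keeping. The script below is an added example, not part of the original instructions; its function names are chosen here for illustration, and it assumes the certificate.csr and certificate.key files produced by the command above.

```shell
#!/bin/sh
# Added example: sanity-check a CSR and its private key before submission.
# Usage (file names as produced by the openssl req command on this page):
#   sh this_script.sh certificate.csr certificate.key

# SHA-256 of the public key embedded in the CSR ($1).
csr_pubkey_hash() {
    openssl req -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from the private key file ($1).
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout | openssl sha256 | awk '{print $NF}'
}

# Print each DNS Subject Alternative Name in the CSR ($1), one per line.
csr_sans() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | cut -d: -f2
}

# Check CSR ($1) against key ($2). Returns non-zero on any mismatch.
check_csr() {
    # 1. The CSR must be correctly self-signed (not truncated or altered).
    #    The output text is matched because older OpenSSL releases may exit 0
    #    even when verification fails.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "CSR self-signature is invalid" >&2; return 1; }

    # 2. The CSR must contain the public half of the key you will install.
    [ "$(csr_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ] \
        || { echo "CSR was not generated from this key" >&2; return 1; }

    # 3. The private key should be readable by its owner only.
    chmod 600 "$2"

    # 4. Show what the CA will see, so typos are caught before issuance.
    openssl req -in "$1" -noout -subject
    echo "Subject Alternative Names:"
    csr_sans "$1" | sed 's/^/  /'
}

# Run the check only when both file names are given on the command line.
if [ "$#" -eq 2 ]; then
    check_csr "$1" "$2"
fi
```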