If you’re running Apache with Mod_SSL, you’ll need a valid SSL certificate to secure your website or application. One of the first steps is generating a Certificate Signing Request (CSR). This guide walks you through using OpenSSL with Apache Mod_SSL to create your key pair, generate a CSR, and back up your private key.
What is a CSR?
A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the contents of the CSR file into the web form during the enrollment process.
Step-by-Step Instructions To Generate A CSR
Step 1: Generate a Key Pair
Note: A key length of 1024 bits is the default; you will need to change this to a 2048-bit key.
The utility “openssl” is used to generate the key and CSR. This utility comes with the OpenSSL package and is usually installed under /usr/local/ssl/bin. If you have installed it elsewhere, you will need to adjust these instructions appropriately.
Type the following command at the prompt for a non-encrypted key:
openssl genrsa -out yourdomain-example.com.key 2048
This command generates a 2048-bit RSA private key and stores it in the file yourdomain-example.com.key.
Both the private key and the certificate are required to enable SSL.
Step 2: Generate the CSR
Type the following command at the prompt:
openssl req -new -key yourdomain-example.com.key -out yourdomain-example.com.csr
You will now be asked for the details that go into your CSR. What you are about to enter is called a Distinguished Name (DN). For some fields there will be a default value. If you enter ‘.’, the field will be left blank.
-----
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: Your State; do not abbreviate the state or province name
Locality Name (eg, city): Your City
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Your Company Name
Organizational Unit Name (eg, section): IT
Common Name (eg. YOUR name): yourdomain.com
Email Address: someone@somewhere.com
Please enter the following ‘extra’ attributes to be sent with your certificate request.
A challenge password:
An optional company name:
-----
Use the name of the web server as Common Name (CN). If the domain name is mydomain.com, append the domain to the hostname (use the fully qualified domain name).
The fields email address, optional company name and challenge password can be left blank for a web server certificate.
Your CSR has now been created. Open yourdomain-example.com.csr (the file written by the command above) in a text editor and copy and paste the contents into the online enrollment form when requested.
Step 3: Backup Your Private Key
No-IP recommends backing up the .key file. A good choice is to copy this file to a diskette or other removable media. While backing up the private key is not required, having a backup will be helpful in the event of a server failure.
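The three steps above as a non-interactive script with checks to run before submitting the CSR. This is an added example, not part of the original guide. The function names, the DN values passed to -subj and the directory arguments are placeholders; it assumes openssl is on the PATH.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names, DN values
# and directory arguments are placeholders chosen for illustration.

# make_csr DOMAIN DIR: Steps 1 and 2. Writes DIR/DOMAIN.key and DIR/DOMAIN.csr.
make_csr() {
    domain=$1; dir=$2
    (
        umask 077   # the unencrypted key must be readable by its owner only
        openssl genrsa -out "$dir/$domain.key" 2048 2>/dev/null
    ) || return 1
    # -subj supplies the Distinguished Name so no prompts are shown.
    openssl req -new -key "$dir/$domain.key" -out "$dir/$domain.csr" \
        -subj "/C=US/ST=Your State/L=Your City/O=Your Company Name/OU=IT/CN=$domain"
}

# check_csr DOMAIN DIR: succeeds only if the CSR self-signature verifies,
# the CSR carries the public half of DIR/DOMAIN.key, and the key is 2048 bit.
check_csr() {
    domain=$1; dir=$2
    # Match on the message text: older openssl releases exit 0 even when
    # the self-signature check fails.
    openssl req -in "$dir/$domain.csr" -noout -verify 2>&1 \
        | grep -q 'verify OK' || return 1
    csr_pub=$(openssl req -in "$dir/$domain.csr" -noout -pubkey) || return 1
    key_pub=$(openssl rsa -in "$dir/$domain.key" -pubout 2>/dev/null) || return 1
    # A CSR built from a different key would later yield a certificate
    # that Apache cannot pair with this private key.
    [ "$csr_pub" = "$key_pub" ] || return 1
    openssl req -in "$dir/$domain.csr" -noout -text \
        | grep -q 'Public-Key: (2048 bit)'
}

# backup_key DOMAIN DIR DEST: Step 3. Copies the key to DEST (for example
# mounted removable media) and confirms the copy is byte-identical.
backup_key() {
    domain=$1; dir=$2; dest=$3
    ( umask 077; cp "$dir/$domain.key" "$dest/$domain.key" ) || return 1
    cmp -s "$dir/$domain.key" "$dest/$domain.key"
}

# Usage: make_csr yourdomain-example.com . && check_csr yourdomain-example.com .
```

Run check_csr again after restoring a key from backup: a mismatch between the key and the CSR shows up there rather than when Apache is restarted with the issued certificate.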
FAQ Section
- What is Apache Mod_SSL?
- Apache Mod_SSL is an Apache module that provides strong encryption capabilities using SSL support for secure connections between web servers and clients.
- Why should I use Apache Mod_SSL instead of other SSL modules?
- Apache Mod_SSL is widely supported, integrates seamlessly with OpenSSL, and ensures encrypted traffic, making it a reliable choice for securing websites and applications.