How to Generate a Certificate Signing Request (CSR) on Ubuntu

SSL certificates have become an essential requirement for any live website. SSL certificates are verified and issued by a Certificate Authority (CA). These certificates fall into two categories:

  • Self-Signed certificates: Signed by the entity that created them rather than by a trusted certificate authority. Mostly used for trial and development purposes and in intranet environments.
  • CA Certificates: Signed by a trusted CA (Certificate Authority) such as Verisign, DigiCert, GoDaddy, Thawte, etc.

The first step towards acquiring an SSL certificate is generating a CSR and submitting it to the CA. A CSR, or certificate signing request, is a block of encoded text sent from an entity to a certificate authority when applying for an SSL certificate. It contains all the information, including the organization's name, country, city, email address, etc., that is required to generate the SSL certificate.

In this article, I will show you how to generate a CSR on Ubuntu 18.04 LTS.

To generate a CSR on Ubuntu, you need the OpenSSL tool. OpenSSL is an open source tool widely used for generating CSRs. To check whether OpenSSL is installed, open the Terminal by pressing Ctrl+Alt+T and then type the below command:

$ dpkg -l | grep openssl

If it is already installed, it will return the following results.

Check if OpenSSL is installed

Installing OpenSSL

If you don’t see the above results, enter the below command in order to install OpenSSL.

Install OpenSSL

Generating a CSR with OpenSSL

There are two steps involved in generating a certificate signing request (CSR). First, you generate a private key, and then you generate the CSR using that private key.

Step 1: Generate a private key

Enter the following command in the Terminal with sudo to generate a private key using the RSA algorithm with a key length of 2048 bits.

$ sudo openssl genrsa -out domain.key 2048

Replace domain with your own domain name.

The above command will generate a private key named domain.key and place it in your current directory.

Step 2: Generate the CSR

After generating the private key, you need to generate the CSR. Enter the below command to generate the CSR using the newly generated private key.

$ sudo openssl req -new -key domain.key -out domain.csr

You will be prompted to enter a few details like Country name, State, Organization name, email address, etc. Make sure to enter the right information, as it will be checked by a certificate authority.

This command will generate a CSR file named domain.csr and put it in your current directory.

Alternative Method of generating a CSR

Alternatively, a single command can create the private key and generate the CSR in one step. The command syntax is as follows:

$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

Replace domain in the above command with your own domain.

Enter a few details like Country name, State, Organization name, email address, etc., and make sure to enter the right information, as it will later be checked by a certificate authority.

The above command will generate a private key and a CSR named domain.key and domain.csr respectively and put them in your current directory.

View and copy the content of a private key

You can view the private key and keep it on your server, as you may need it later. However, do not share it with anyone. To view the contents of the private key file, navigate to the directory where the key file is stored. Then run the below command with sudo:

$ sudo cat domain.key

To copy the contents of the private key file, select and copy the entire content including the “BEGIN PRIVATE KEY” and “END PRIVATE KEY” tags.

View and copy contents of CSR file

You will need to send the CSR to a certificate signing authority by copying the entire content of the CSR file and pasting it into the certificate authority's form.

To view the content of the CSR file, navigate to the directory where the CSR file is stored. Then run the below command with sudo:

$ sudo cat domain.csr

To copy the contents of the CSR file, select and copy the entire content including the “BEGIN CERTIFICATE REQUEST” and “END CERTIFICATE REQUEST” tags.

That is all you need to know about generating a certificate signing request (CSR). Now you can get an SSL certificate from a certificate signing authority by pasting the content of the CSR file into the order form when enrolling for an SSL certificate.
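
Before pasting the CSR into the order form, it is worth confirming that it is well formed and was made from the key you kept. The following is an added example, not part of the original article: it runs the single-command method without prompts and then checks the CSR's self-signature and that its public key matches the private key. The function names, the file name "example.com" and the subject fields are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# sample subject are constructed; the openssl options are standard ones.
# Usage: make_csr example.com "/C=US/ST=State/L=City/O=Example Org/CN=example.com"
#        check_csr example.com.csr example.com.key && csr_subject example.com.csr

# Generate a 2048-bit RSA key and a CSR in one step; -subj replaces the prompts.
make_csr() {
    name="$1"; subj="$2"
    (
        umask 077   # the key file is created readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$name.key" -out "$name.csr" -subj "$subj" 2>/dev/null
    )
}

# Digest of the public key embedded in the CSR.
csr_pubkey_hash() {
    openssl req -in "$1" -noout -pubkey | openssl sha256
}

# Digest of the public key derived from the private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout | openssl sha256
}

# Show the subject details the certificate authority will check.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# Succeeds only if the CSR's self-signature verifies AND the CSR was created
# from the given private key. The verify result is read from the output text,
# because some OpenSSL versions exit 0 even when verification fails.
check_csr() {
    csr="$1"; key="$2"
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    [ "$(csr_pubkey_hash "$csr")" = "$(key_pubkey_hash "$key")" ]
}
```

If check_csr fails, the CSR and key do not belong together, and a certificate issued from that CSR will not work with that key.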