To obtain an SSL certificate, a Certificate Signing Request (CSR) must be generated. This can be done using openssl on Linux based servers. The procedure is as follows:
1. Install openssl
[root@web
~]# yum
install openssl openssl-devel
2. Navigate to the location where you want to save your Private RSA Key. Here, we will create a directory inside of home called certs.
[root@web
~]# mkdir
/home/example/certs/
[root@web
~]# cd
/home/example/certs/
3.Run the command below to generate the key. Remember to change your directory path
[root@web
~]# openssl
genrsa -out /home/example/certs/example.co.ke.key 2048
A successful execution yields something like what you can see below
[root@web
~]# openssl
genrsa -out /home/example/certs/example.co.ke.key 2048
Generating
RSA private key, 2048 bit long modulus
............+++
...................+++
e
is 65537 (0x10001)
[root@web
certs]#
4. Run the command below, replacing the paths respectively, to generate a CSR with the RSA key. The output will be in PEM format.
[root@web
~]# openssl
req -new -sha256 -key /home/example/certs/example.co.ke.key -out
/home/example/certs/example.co.ke.csr
5. Fill in the
various pieces of information prompted. They will be included in the
certificate request. You can ignore the ‘Extra’ information by
pressing Enter on your keyboard. Also, note that there are some
special characters that cannot be used in the Organization Name and
Organization Unit sections. These are < >
~ ! @ # $ % ^ * / \ ( ) ? . , &
You should now have your CSR ready and saved in a file called example.co.ke.csr in the certs folder you created.
6. You can verify the information in the CSR using the command below
[root@web
~]# openssl
req -noout -text -in /home/example/certs/example.co.ke.csr
At this point you should proceed to your preferred SSL vendor and use the CSR to secure an SSL certificate. SSL certificate are very affordable nowdays. We even have Free SSL available. RapidSSL offers a 30 day trial SSL, Comodo offers a 90 day free SSL and Let’s Encrypt offers free for life SSL. Check out sslforfree.com or zerossl.com for your Let’s Encrypt SSL.
1 Comment