What is a CSR?
A CSR or Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is usually generated on the server where the certificate will be installed and contains information that will be included in the certificate such as the organization name, common name (domain name), locality, and country. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair.
A certificate authority(CA) e.g. Comodo SL or GeoTrust, will use a CSR to create your SSL certificate, but it does not need your private key. You need to keep your private key secret. The certificate created with a particular CSR will only work with the private key that was generated with it. So if you lose the private key, the certificate will no longer work.
Below is how to generate CSR on linux using OpenSSL.
1. Open a terminal in Linux
2. Type the following command (change nadzweb to your domain name)
openssl req -out nadzweb.csr -new -newkey rsa:2048 -nodes -keyout nadzweb.key
3. Fill the following fields on prompt.
|Country Name||NZ (2 Letter Code)|
|State or Province||North Island(Full State Name)|
|Locality||Auckland(Full City name)|
|Organization||Nadzweb Ltd (Entity’s Legal Name)|
|Organizational Unit||. (Optional, e.g. a department)|
|Common Name||www.nadzweb.com (Domain or Entity name)|
If you are planning to get a wildcard SSL, then use *.nadzweb.com for the Common Name above
4. There will be 2 keys generated.
nadzweb.key and nadzweb.csr.
5. Send the CSR(nadzweb.csr) to the Certificate Authority to receive the SSL certificates.