What is SSL?
SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted connection between a web server and client browser in communication.
The usage of SSL technology ensures that all data transmitted between the web server and clients browser remains encrypted.
To get the SSL from Certificate Authorities, you must need to provide the CSR to them and Certificate Authorities will sign the certificate provided by you. CSR contains the information related to Country, State, Locality, Organisation, Organisation Unit, Common Name – Domain Name and email address as well as public key.
Let’s learn how to generate the CSR?
Step 1: Generate the private key first. If you are renewing the SSL this step is not required. To generate the private key use below mentioned command.
surya@x ~/ » openssl genrsa -out blog.suryaelite.com.key 4096 1 ↵ Generating RSA private key, 4096 bit long modulus ................................++ .........++ e is 65537 (0x010001)
2048 or higher bit private key recommended. I have used 4096 bit.
Step 2: Now generate the CSR by using below command.
surya@x ~/ » openssl req -new -key blog.suryaelite.com.key -out blog.suryaelite.com.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:IN State or Province Name (full name) [Some-State]:HR Locality Name (eg, city) :Gurgaon Organization Name (eg, company) [Internet Widgits Pty Ltd]:SuryaElite Organizational Unit Name (eg, section) :blog Common Name (e.g. server FQDN or YOUR name) :blog.suryaelite.com Email Address :email@example.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :Surya Elite Pvt. Ltd.
Now you will have two files, one is private key and second one is CSR. Not you need to send the CSR file to Certificate Authority and then Certificate Authority will sign the Certificate and send you the Certificate.
Now you need to apply the SSL to the web server you are using NGINX or Apache. So this is how you can generate the CSR File.