If you’re wanting to start up a web server or perhaps just want to add SSL capabilities to a pre-existing website, this quick tutorial may be useful to you. In a Unix environment, generating a key and certificate request or .key and .csr with OpenSSL is actually quite simple and stress-free. OpenSSL is a cryptographic toolkit that uses SSL and TLS protocols, so this is what we will be using.
Note: This tutorial was made using Ubuntu Server.
If you do not already have OpenSSL, you can quickly install it with:
sudo apt-get install openssl
Generating a Key and Certificate Request
With that out of the way, let’s move on to making the key and Certificate Signing Request (CSR.) This can all be done with one command. It’s a doozy, but I’ll explain each part of the command so you’ll know what to use each bit for in the future.
Head back to your terminal and type in the following (change the bold parts to match your details):
openssl req -new -newkey rsa:2048 -nodes -out your_csr_name.csr -keyout your_key_name.key -subj "/C=your_Country/ST=your_state_or_province/L=your_locality_or_city/O=your_organization/OU=your_organizational_unit/CN=your_common_name"
Let’s say your website is website.com, you live in Orlando, Florida, and work in IT at Disney. You want your CSR name to be myCSR and your key name to be JohnsNewKey. You might put:
openssl req -new -newkey rsa:2048 -nodes -out myCSR.csr -keyout JohnsNewKey.key -subj "/C=USA/ST=Florida/L=Orlando/O=Disney/OU=IT/CN=website.com"