generate SSL Certificate Signing Request

First generate a new 2048 bit key:

# openssl genrsa -out 2048

I choose not to encrypt the key, because when reloading 240 apache servers, I don’t want to have to enter the passphrase each time. Now we use our key to generate a Certificat Signing Request.

# openssl req -new -key -out

To inspect the CSR:

openssl req -in -noout -text

Now you can sign your own cert, or upload/paste the CSR to a 3rd party provider to issue an official SSL Certificate.

Leave a Reply

Your email address will not be published. Required fields are marked *