How to generate a CSR?

To generate a CSR for your domain, first create a file named config.txt on your account. Then open that file and add the following lines in it:

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = your_country_code
ST = your_state
L = your_city
O = your_company_name
OU = IT Dept.
CN = yourdomainname.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.yourdomainname.com

In the above replace:

• your_country_code – The ISO country code your organization is registered in. This length of the code is 2 characters;
• your_state – The state/province the company is registered in;
• your_city – The city the company is registered in;
• your_company_name – The full name of your company;
• yourdomainname.com – Your domain name. Note that you should replace this twice in the file.

To add more Subject Alternative Names (SANs) to the CSR, add more DNS lines at the bottom of the file, for example:

DNS.2 = myotherdomainname.com
DNS.3 = www.myotherdomainname.com

Save the changes and access your account via SSH. Then navigate to the location you saved the config.txt file and run the following command:

openssl req -new -out certificate.csr -newkey rsa:2048 -nodes -sha256 -keyout certificate.key -config config.txt

This will create two new files:

• certificate.csr – this file contains the Certificate Signing Request;
• certificate.key – this file contains the Private Key that you will need during the installation of the SSL certificate.

Deleting the file with the private key from your account once you have copied it somewhere safe is strongly advisable for security reasons.