There are just a few simple steps to generate a Certificate Signing Requets you can pass off to your Certificate Authority of choice. After you’ve completed the steps in this guide, you’ll have a CSR ready to pass off to your Certificate Authority of choice.
First, you’ll need to make sure you have an openssl package installed. You can do this by running
$ which openssl
You should see a full path to the openssl binary if it’s installed and present on your system.
OpenSSL is included in the base world installation, so you’re all set to go. You can additionally install an updated version via ports security/openssl
yum install openssl openssl-devel
apt-get install openssl
OpenSSL is included by default, if you prefer an updated installation, you can use brew install openssl to install OpenSSL via HomeBrew
Generate your Key & CSR
Here, we’ll generate a RSA Private Key & CSR for our domain, svwh.net.
openssl genrsa -out ~/ssl/svwh.net.key 2048
openssl genrsa -out ~/ssl/svwh.net.key 4096
if you prefer a 4096-bit RSA key.
Now, you’ll run the command to generate the CSR. OpenSSL will prompt you for the details using any defaults you may have configured.
Your CSR is now present in ~/ssl/svwh.net.csr. If you want, you can use openssl to confirm you entered everything as expected. Information supplied in the previous command will be visible in the Subject line of the certificate:
openssl req -in ~/ssl/svwh.net.csr -text -noout
Your SSL Certificate Signing Request is now ready to be handed off to the Certificate Authority of your choice. If you’d like to purchase your SSL certificate through SVWH, you can find information about pricing and how to order at https://www.svwh.net/ssl-certificates.html