Monday 23 September 2013

Generating a CSR for an SSL certificate

So here’s how I do it

 # generate the key DOMAIN='mydomain.com'; openssl req -new -newkey rsa:2048 -keyout ${DOMAIN}.key -nodes -out ${DOMAIN}.csr 

You will then be asked a load of questions.

You can skip most of the questions if you’re getting a “class 1 certificate” ( hint: if you don’t know what class you’re getting then chances are it’s a class 1 )

The only bit that you really need to pay attention to is the common name – this has to match the domain on which you’re going to use the SSL certificate. For 99% of people this means www.mydomain.com and for the other 1% who are getting a wildcard it means using *.mydomain.com

Don’t use mydomain.com as the common name as this will automatically be included for you.