Generate a CSR for a new or renewed SSL certificate

  1. To generate a new private key and CSR, use the following command. Replace domain_com with your own value.
    openssl req -new -newkey rsa:2048 -nodes -keyout domain_com.key -out domain_com.csr
  2. While creating the CSR you will be prompted for the following data. The values in [] are the defaults; if you press Enter, the default value is used. All these values are required:
    • Country Name (2 letter code) [AU]
      Country of the company registering the certificate. Use the ISO two-letter code, for example: DE
    • State or Province Name (full name) [Some-State]:
      State of the company registering the certificate.
    • Locality Name (eg, city) []:
      City of the company registering the certificate.
    • Organization Name (eg, company) [Internet Widgits Pty Ltd]:
      Company name including any legal suffix such as Ltd / Sp. z o.o. / GmbH etc.
    • Organizational Unit Name (eg, section) []:
      If you are not sure, just write “IT Department”.
    • Common Name (e.g. server FQDN or YOUR name) []:
      For a wildcard domain: *.example.com
      For a single domain like www.example.com, use the www. prefix (not only example.com)
    • Email Address []:
      Email address. Not always required.
  3. To check the generated CSR, use:
    openssl req -in domain_com.csr -noout -text
    Check the signature algorithm. It must be sha256: Signature Algorithm: sha256WithRSAEncryption
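
One way to script steps 1 and 3 so the CSR is checked automatically before it is sent to the CA (an added example, not part of the original article). The helper names gen_csr and check_csr, the subject values and the file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names, subject values and paths are constructed.

# gen_csr <basename> <subject>
# Same command as step 1; -subj answers the prompts from step 2 and
# -sha256 requests the digest explicitly instead of relying on the default.
gen_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null || return 1
    chmod 600 "$1.key"   # -nodes leaves the key unencrypted; restrict access
}

# check_csr <csr-file>
# Returns 0 only when the file parses as a CSR, its self-signature verifies,
# it is signed with sha256WithRSAEncryption and the key is at least 2048 bits.
# Return codes: 1 unreadable, 2 bad signature, 3 wrong digest, 4 short key.
check_csr() {
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 1
    # Match the "verify OK" message rather than relying on the exit status.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 2
    echo "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' \
        || return 3
    bits=$(echo "$text" \
        | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || return 4
    return 0
}

# Demo in a scratch directory with a constructed subject.
demo_dir=$(mktemp -d)
demo_subj="/C=DE/ST=Berlin/L=Berlin/O=Example GmbH/OU=IT Department/CN=www.example.com"
if gen_csr "$demo_dir/example_com" "$demo_subj" \
        && check_csr "$demo_dir/example_com.csr"; then
    echo "CSR OK: $demo_dir/example_com.csr"
else
    echo "CSR rejected"
fi
```

Only the .csr file is sent to the certificate authority; the .key file stays on the server.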

If you want to create a multiple-domain certificate request, read this article: https://ethitter.com/2016/05/generating-a-csr-with-san-at-the-command-line/