Web services
SSL/TLS
Generate a CSR
This will generate a 2048-bit key (secure & insecure) and CSR for usage on a website. CSR is short for Certificate Signing Request and is usually requested by CA (Certificate Authority) when trying to obtain a SSL/TLS certificate.
1. Create a secure key for CSR
$ openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.....................+++
....................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
2. Create an insecure key for CSR sourcing from the secure one
$ openssl rsa -in server.key -out server.key.insecure
Enter pass phrase for server.key:
writing RSA key
3. Rename the keys
$ mv server.key server.key.secure
$ mv server.key.insecure server.key
4. Create the CSR
$ openssl req -new -key server.key -out server.csr
- Last tested on Ubuntu 14.04.2 LTS (trusty) | easy | less than five minutes