CSR generating

CSR generating procedure differs depending on server software. We provide a guide to CSR generating for the most popular Apache web-server. In case you are using other server software please consult with your server administrator or hosting provider.

For private key and CSR generating an OpenSSL utility is used. This utility usually comes with Apache server.

  1. Enter the following command in the server command line:

    openssl req -new -nodes -keyout www.mydomain.com.key -out www.mydomain.com.csr
  2. Specify necessary information for the CSR. 

    • all information should be entered in English;
    • the following characters are not allowed: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

    Parameter Explanation Example
    Country Name

    Two-letter country ISO-code

    State or Province Name
    State or province of the comnapny registration. Moscow
    Locality Name City of the compan registration. Moscow
    Organization Name
    Complete legal name of the company. MyCompany Inc
    Organizational Unit Name
    Name of the organuzational unit. IT
    Common Name Fully Qualifed Domain Name for which a certificate is issued. Important! Please check your common name during the enrollment process to ensure it is correct. A Common name is a domain name listed with or without a host (i.e. either just mydomain.com or www.mydomain.com or secure.mydomain.com). If a host name is required, ensure it is in the CSR. After your certificate has been issued, changing the common name would require a reissue, which will mean generating a new Private Key and CSR pair off the web server and then going through the online process again. www.mydomain.com
    Email Address
    Do not fill
    A challenge password
    Do not fill  
    An optional company name Do not fill  

  3. Check the CSR for validity by the following command:

    openssl req -noout -text -in www.mydomain.com.csr

    If the CSR is valid the command will produce the output like the following: 

    Certificate Request:
            Version: 0 (0x0)
            Subject: C=ru, ST=ddd, L=fff, O=ddd, OU=ss, CN=www.mydomain.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (2048 bit)
                    Modulus (2048 bit):

CSR now is generated and stored in www.mydomain.com.csr file. Your private key is stored in www.mydomain.com.key. The most important thing you can do to protect your certificate and the security of your website is to backup your private key!

You may also use a free Windows OpenSSL client which will allow you to generate CSR and private key right in the windows environment without any need to use server command line. This client may be downloaded here: http://www.slproweb.com/products/Win32OpenSSL.html. Install it on your local computer and youк generated CSR and private key will also be stored localy.

After your CSR is generated and certificate is issued you may install certificate on your server.