Before you can obtain/generate server certificate you need to have a private key and generate certificate request which contain essential information about you (the entity requesting certificate) and the domain for which you want the certificate.
-
Generate the certificate request:
openssl req -nodes -new -newkey rsa:2048 -keyout yourdomain.com.key -out yourdomain.com.csr
You will be asked series of questions:
Country Name (2 letter code) [AU]:AU State or Province Name (full name) [Some-State]:Somestate Locality Name (eg, city) []:Your city name Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company name Organizational Unit Name (eg, section) []:Department or any unit Common Name (eg, YOUR name) []:*.yourdomain.com Email Address []:your_email_address@somedomain.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
-
The command will generate 2 files for you:
- yourdomain.com.csr
- yourdomain.com.key