How to Generate Certificate Signing Request on Nginx using OpenSSL
If you prefer, you can make your own shell commands to generate your Nginx CSR. Just follow the instructions below:
Login to your server via your terminal client (ssh). At the prompt, type:
openssl req -new -newkey rsa:2048 -nodes -keyout myserver.key -out myserver.csr
Note: Replace yourdomain with the domain name you're securing. For example, if your domain name is mydomain.com, you would type mydomain.key and mydomain.csr
where server is the name of your server.
This will begin the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file used to apply for your SSL Certificate.
Enter the requested information:
- Common Name (CN): The fully-qualified domain name, or URL, you want to secure.
If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.mydomain.com.
- Organization (O): The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
- Organization Unit (OU): If applicable, enter the DBA (Doing Business As) name.
- City or Locality (L): Name of the city where your organization is registered/located. Do not abbreviate.
- State or Province (S): Name of the state or province where your organization is located. Do not abbreviate.
- Country (C): The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
Note: If you do not want to enter a password for this SSL, you can leave the Passphrase field blank.
Your .csr file will then be created.
Open the CSR file with a text editor and copy and paste it (including the BEGIN and END tags) into the Certificate order form.
Save (backup) the generated .key file as it will be required later when installing your SSL certificate in Nginx.