Here’s an instruction on generating a certificate signing request (CSR) for your domain or website. SSL has become a ranking factor for Google, so if you want your website to rank higher on Google’s Search Result Pages, you may want to enable SSL / TLS for your sites or blogs.
This brief tutorial is going to show you how to create a CSR file/key and submit it to a Certificate Authority to generate a valid certificate from it.
You see, before a Certificate Authority (CA) can provide your website a valid certificate, you must submit a CSR. The CA uses your CSR file/key to generate a valid certificate for your site or server.
There are many types of certificates to choose from and you can read a lot about them online. This post only shows you how to generate a CSR. You can then submit the CSR to a CA.
If you need to read about the different types of SSL certificates, go and read here.
A vast majority of websites today use the Domain Validation certificate type. Here’s a brief summary:
Domain Validation is where the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.
After you’ve decided the types of certificate to go with, open logon to your Linux server and run the commands below to generate a certificate signing request.
sudo openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
This will begin the process of generating two files: your server Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file used to apply for your SSL Certificate.
Doing the process, you’ll be prompted with these questions.. answer them as highlighted below.
- Common Name: The fully-qualified domain name, or URL, you’re securing example (www.example.com)
- Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.
- Organization Unit: If applicable, enter the DBA (doing business as) name. If you’re securing a single blog, then type the blog owner’s name here.
- City or Locality: Name of the city where your organization is registered/located.
- State or Province: Name of the state or province where your organization is located.
- Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
NOTE: When prompted, please do not enter your email address, challenge password or an optional company name when generating the CSR. Leave out this fields blank.
When you’re done, two files will be created in that directory. One is your server private key for SSL decryption and the other is the CSR file used to apply for certificate. Send the CSR file to your Certificate Authority.
That’s it! The CA will receive the request to generate a certificate and send you an official and valid certificate for your site.
Now you can install the certificate and keep traffic between your users and your websites.
Our next post will show you how to install a certificate after you received it from your CA.