Articles

How to Generate an SSL Key and CSR

Generating an SSL key and certificate signing request (CSR) is the first step in making your website securely available over HTTPS. There are two ways to do this.

You only need to obtain your own SSL certificates for subdomains and wildcard domains. For everything else, you can use ServerPilot's AutoSSL feature
.

Method One: Using ServerPilot

Using ServerPilot is the easiest way to create a key and CSR.

First, go to your app's SSL tab in ServerPilot.

You'll see that SSL is disabled.

Now, enter your app's domain followed by your location and organization name. Click Generate Key and CSR.

ServerPilot will automatically generate a CSR and SSL key for your app.

Method Two: Using the Command Line

If you don't want to use ServerPilot's generator or want more control over the creation of your SSL key and CSR, you can use the command line to create a key and CSR.

Run the following commands on your server:

mkdir -p ~/certs/YOUR_DOMAIN_NAME
cd ~/certs/YOUR_DOMAIN_NAME
(umask 077 && touch ssl.key)
openssl req -new -newkey RSA:2048 -nodes -keyout ssl.key -out ssl.csr

You will be prompted to answer a few questions. There are two questions that are critical to answer correctly:

  1. Common name: Your domain name. For example, foo.com. Nowadays, you generally should not enter www. as your Certificate Authority should make the certificate work both with www and without. However, you should check with your Certificate Authority to find out.
  2. Password: Do not enter a password or challenge phrase. Just hit enter when you're asked for a password.

When done, you will have a directory called certs/YOUR_DOMAIN_NAME in your home directory that contains two files:

  1. ssl.key—This file contains your SSL private key. Don't lose it!
  2. ssl.csr—This file contains your Certificate Signing Request.

That's It!

You can use the CSR to purchase a signed SSL certificate.