Create a certificate request (CSR)

I already described how to create a SSL certificate for your own server. I did this for an Apache web server and also for a Tomcat web server. I also showed you how to configure this web servers so they can be reached over HTTPS. This is only useful for testing purposes. If you want to change from development to production, you will need a certificate that is trusted by an external source. There are many different vendors for certificates, some also offers 30 day trial certificates.

If you want to sign up for a certificate, you need to create a certificate request (CSR). I show you how!

Create a key for your domain

The first step is to create a key for your domain. For this you have to consider, that you really need to use the fully qualified domain name (FQDN). If you are unsure, you can get it on Linux system:

hostname --fqd

Attention: www.domain.com is not equal to domain.com. These are two different domain names!

You can create your key with the following command:

openssl genrsa -des3 -out www.domain.com.key 2048

You have to use your own domain name here. At this statement, you have to pass a passphrase. It is important to remember it!

Create your certificate request

With our created key file we can now create our certificate request file. Use this command:

openssl req -new -key www.domain.com.key -out www.domain.com.csr

Here you have to pass your passphrase from the previous step. If this is right, you have to answer some questions. This things are readable informations that are embedded into your certificate. So answer them correctly! If everything worked fine, you should now get a file with your certificate request (www.domain.com.csr). Copy the contents of this file to the certificate vendor.