How To Generate A Certificate Signing Request (CSR) On CentOS

Published Date Author: , Posted January 28th, 2011 at 7:03:53pm
  • Create the private key file key.pem:
    # openssl genrsa -out key.pem 2048

  • Create the Certificate Signing Request (CSR) file req.pem:
    # openssl req -new -key key.pem -out req.pem
    When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR). Send the CSR to your certificate authority. They should send you back a file that starts with —–BEGIN CERTIFICATE—– which can be put in the cert.pem file.

  • If you got a sign certificate from Thwawt, is may be in a signed bundle in PKCS #7 format. Look for this at the top:
    —–BEGIN PKCS #7 SIGNED DATA—–

    To extract the cert that you will need for Apache, run the following command:
    openssl pkcs7 -print_certs -in signed_bundle.pkcs7

    Your signed cert should be the first of three certs listed. Copy and paste these two lines and everything in between into a simple text file. This becomes the cert file for Apache:

    —–BEGIN CERTIFICATE—–
    —–END CERTIFICATE—–

Categories: How-To's, Technology Tags: , , , , , , ,

No comments as yet.

Leave Your Comment  Leave a comment

All fields marked with "*" are required.