In this post we will look at how to generate a CSR with OpenSSL on Ubuntu 18.04 that can be uploaded to a third party certificate authority like GoDaddy, Digicert, or Verisign.
Open Terminal or a command prompt and login to your server via SSH.
Then paste the following OpenSSL command modifying “
yourdomain” to reflect the domain you will eventually add to the certificate.
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
You will then be prompted to answer the following information where applicable:
Common Name: The fully-qualified domain name, or URL, you’re securing.
If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.
Organization Unit: If applicable, enter the DBA (doing business as) name.
City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
State or Province: Name of the state or province where your organization is located. Do not abbreviate.
Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
There may be some additional prompts such as a challenge password and an additional company name.
Once you have filled out the necessary information it will generate a CSR with OpenSSL and save both the CSR and Key in your current directory. From there you can use it directly from the server or even SCP the file over to a different computer. You will want to follow the steps from your certificate authority in order to generate an appropriate third party cert for your server or web application.
If you need to perform additional tasks on your certificate, OpenSSL is a great tool. You can easily pull up documentation by searching the web. Most certificate authorities will have info as well. If you need to convert .pfx to .pem check out this post http://edtechchris.com/2019/02/22/convert-pfx-to-pem-certificates-using-openssl/.
Check out the official documentation to learn more about using certificates with Ubuntu 18.04. https://help.ubuntu.com/lts/serverguide/certificates-and-security.html