CSR Key (Certificate Signing Request) is essential for activating your SSL certificate.
Table of Contents
What is a CSR Key?
A Certificate Signing Request or CSR is a specific encrypted text block crucial for activating your SSL certificate. This code must be generated on the server where you want to use your certificate. It contains information such as your organization’s name, your domain name, location, and country. The CSR also includes a public key that will be incorporated into the certificate.
*Note: Before activating an SSL certificate, ensure that your hosting provider offers this service and that it is available with your hosting plan.
Additionally, Cap Connect provides a free SSL certificate with all shared hosting plans.
How to Generate a CSR Key?
To generate the CSR key, you need to access your server via SSH (hosted server or Linux/OS X/macOS/Windows computer) and run the following command in your SSH terminal or command manager:
openssl req -nodes -newkey rsa:2048 -sha256 -keyout monserveur.key -out serveur.csr
Below is an explanation of the command’s components to better understand the process:
- newkey rsa:2048: Generates both the CSR and the private key. 2048 indicates RSA encryption on 2048 bits.
- sha256: Uses the SHA256 algorithm for signing the CSR.
- keyout monserveur.key: Saves the private key file as “monserveur.key”.
- out serveur.csr: Saves the CSR file in the command directory. You can rename it for easier reference.
When you run this command, you will be prompted to provide identification details, which are essential for verification by the certificate authority. These details include:
- Country Name: Your country, usually entered as a code (e.g., MA for Morocco, FR for France).
- State or Province Name: Your region or province.
- Locality Name: Your city.
- Organization Name: Optional for Standard SSLs but mandatory for professional certificates. Enter your company’s name if applicable.
- Common Name: The domain name associated with your SSL certificate.
- Email Address: Optional but recommended.
- A challenge password: Rarely used, so it can be left blank.
- An optional company name: This can also be left blank.
Once executed, two files will be created: a private key (.key) and a public CSR file. The private key must remain confidential as it will be required for installing the certificate. It cannot be replaced or substituted.
To use the CSR, copy its entire content and paste it into the appropriate field provided by the SSL certificate provider. You can use a text editor or the command below to display its content:
cat monserveur.csr
The CSR key should be pasted as shown below:
Congratulations! You have now generated the CSR code needed to activate your SSL certificate.