It is really easy to generate an SSL key and CSR using OpenSSL, and the next several steps will guide you through the process.
If you are on a Linux server, OpenSSL can be downloaded from here: OpenSSL source, or you can install it with your package management software, such as yum or apt-get. Windows users can use Win32OpenSSL.
Once you have OpenSSL installed, we can generate the SSL certificate key:
openssl genrsa -rand /var/log/messages:/var/log/messages.1:/var/log/messages.10.gz -out www.freetutorialssubmit.com.key 2048
The following will appear:
2199 semi-random bytes loaded
Generating RSA private key, 2048 bit long modulus
.+++
............................................................+++
e is 65537 (0x10001)
The above command generates the SSL key using the '-rand' option, with a few big files as sources, and a 2048-bit key size. The reason for passing some big files to the '-rand' option is that computers cannot generate absolutely random numbers, but that is a different story. The minimum key size currently accepted by SSL issuers is 2048 bits, so make sure you generate your key with this size or as a 4096-bit SSL key.
There is another command which can be used:
openssl genrsa -des3 -out www.freetutorialssubmit.com.key 2048
After executing it, the output will be:
Generating RSA private key, 2048 bit long modulus
..............................+++
....................................+++
e is 65537 (0x10001)
Enter pass phrase for www.freetutorialssubmit.com.key:
Verifying - Enter pass phrase for www.freetutorialssubmit.com.key:
Generating the SSL key with this command requires a password, which is good when the key is transported, but once the key is installed on a web server, the server will ask for the password every time it is restarted. If you have chosen this method, the next command will remove the SSL key password.
openssl rsa -in www.freetutorialssubmit.com.key -out www.freetutorialssubmit.com.no_key
If you open the SSL key file it should be similar to this one:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Now, to generate a CSR from the key, use OpenSSL with these options:
openssl req -new -key www.freetutorialssubmit.com.key -out www.freetutorialssubmit.com.csr
You will be asked a few questions for the certificate:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Diego
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Freetuts Ltd.
Organizational Unit Name (eg, section) []:Security
Common Name (eg, YOUR name) []:www.freetutorialssubmit.com
Email Address []:admin@freetutorialssubmit.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
When you have finished entering the CSR information and open the CSR file, it should look similar to this:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
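Before the CSR goes to the issuer, it is worth confirming that it really was built from the key you intend to install and that the key file is not readable by other users. The shell functions below are an added example, not part of the original tutorial: they pass the Distinguished Name with -subj instead of answering the prompts, leave out -rand (OpenSSL seeds itself from the operating system's random source), and the function names and directory argument are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: function names and the directory argument are illustrative.
HOST=www.freetutorialssubmit.com
SUBJ="/C=US/ST=California/L=San Diego/O=Freetuts Ltd./OU=Security/CN=$HOST"

# Generate an unencrypted 2048-bit key and its CSR in directory $1.
# umask 077 in the subshell makes the key readable by its owner only.
make_key_and_csr() {
    (
        umask 077
        openssl genrsa -out "$1/$HOST.key" 2048 2>/dev/null &&
        openssl req -new -key "$1/$HOST.key" -subj "$SUBJ" -out "$1/$HOST.csr"
    )
}

# Print the RSA modulus size, in bits, of private key file $1.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# Succeed only if the CSR's self-signature verifies, i.e. whoever built
# the request held the private key for the public key inside it.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Succeed only if CSR $2 carries the public half of private key $1.
csr_matches_key() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# Run every check on key $1 and CSR $2; prints "ok" only if all pass.
check_before_submit() {
    [ "$(key_bits "$1")" -ge 2048 ] || { echo "key shorter than 2048 bits"; return 1; }
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ] || { echo "key readable by others"; return 1; }
    csr_signature_ok "$2" || { echo "CSR signature invalid"; return 1; }
    csr_matches_key "$1" "$2" || { echo "CSR does not match key"; return 1; }
    openssl req -in "$2" -noout -subject | grep -qF "$HOST" || { echo "wrong Common Name"; return 1; }
    echo "ok"
}

# Usage: d=$(mktemp -d); make_key_and_csr "$d"
#        check_before_submit "$d/$HOST.key" "$d/$HOST.csr"
```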
Now provide the CSR to a certificate issuer and wait for the SSL approval message.
Most SSL issuers have a service that relies upon the Subscriber or the Subscriber's authorized administrator to approve all certificate requests for all hosts in the domain. It is important that you select the correct authorized administrator email. By selecting an authorized administrator, you warrant to the certificate issuer that the individual is authorized to approve the request. The request for an SSL server certificate will not be processed beyond this point if you select an incorrect email address.
This part is important and is part of the SSL certificate issuance process. Its purpose is to prevent someone else from having a certificate issued for your domain.
Be prepared with the following allowed e-mails:
Registered Domain Contacts: this is when the SSL issuer has successfully obtained domain contacts for this domain from the domain registrar. These will be the:
- Registered Domain Admin contact
- Registered Domain Tech contact
Alternate Approval Email Addresses can be used, but you must make sure that the e-mail account has been set up and is available before you provide the CSR, or the approval email will not be delivered.
The following Level 2 Domain Addresses are allowed:
- admin@freetutorialssubmit.com
- administrator@freetutorialssubmit.com
- hostmaster@freetutorialssubmit.com
- root@freetutorialssubmit.com
- webmaster@freetutorialssubmit.com
- postmaster@freetutorialssubmit.com
The following Level 3 Domain Addresses are allowed:
- admin@www.freetutorialssubmit.com
- administrator@www.freetutorialssubmit.com
- hostmaster@www.freetutorialssubmit.com
- root@www.freetutorialssubmit.com
- webmaster@www.freetutorialssubmit.com
- postmaster@www.freetutorialssubmit.com
Once you have received and approved the SSL certificate, it will be sent to you and you can install it on your web server.