How to generate (Apache) csr and key pair

Regular Certificate or wildcard

You can do it on any server with openssl installed with this command:

openssl req -sha256 -new -newkey rsa:4096 -nodes -keyout server.key -out server.csr

Your private key will be inside server.key and the csr to get get the certificate will be inside server.csr

*Hint: The common name must match your domain name like www.example.com. For wildcard certs, use *.example.com as cmmon name.

Certificate with multiple alternative names (SAN)

Create a file server.san

Example:

[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = BE
stateOrProvinceName = OVL
localityName = Gent
organizationName = Hosted Power
commonName = www.hosted-power.com
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.hosted-power.com
DNS.2 = hosted-power.com
DNS.3 = hosted-power.be
DNS.4 = www.hosted-power.nl
DNS.5 = mail.hosted-power.com

Now generate the private key and csr:

openssl req -sha256 -new -newkey rsa:4096 -nodes -keyout server.key -out server.csr -config server.san


Was this article helpful?

mood_bad Dislike 5
mood Like 0
visibility Views: 14793