How to generate (Apache) csr and key pair

Regular Certificate or wildcard

You can do it on any server with openssl installed with this command:

openssl req -sha256 -new -newkey rsa:4096 -nodes -keyout server.key -out server.csr

Your private key will be inside server.key and the csr to get get the certificate will be inside server.csr

*Hint: The common name must match your domain name like For wildcard certs, use * as cmmon name.

Certificate with multiple alternative names (SAN)

Create a file server.san


[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = BE
stateOrProvinceName = OVL
localityName = Gent
organizationName = Hosted Power
commonName =
[ req_ext ]
subjectAltName = @alt_names
DNS.1 =
DNS.2 =
DNS.3 =
DNS.4 =
DNS.5 =

Now generate the private key and csr:

openssl req -sha256 -new -newkey rsa:4096 -nodes -keyout server.key -out server.csr -config server.san

Was this article helpful?

mood_bad Dislike 0
mood Like 0
visibility Views: 5697