Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. SSL creates a secure connection between a client and a server. From 1st October all the Facebook app have to support SSL. For that I had to setup up SSL on many clients server. This “how to” is two part – on this post i will show you how you can create CSR and on next post i will show how to setup SSL on an Ubuntu server botf Namebased and IP based. The first part is to generate a CSR file and Post it to the company who gives CRT files using this CSR.
You need to do the following steps
Generate a KEY file
Generate the CSR file.
First intall openssl on your server
apt-get install openssl
apt-get install libssl-dev
apt-get install libssl0.9.8
Some time you have to setup ca-certificates for you-self though it supossed to setup by its own. Enter following command to setup ca-certificates
apt-get install ca-certificates
First create a folder for our certificates
mkdir ~/domainname.com.ssl/
cd domainname.com.ssl/
To generate a KEY and a CSR file, you can use OpenSSL to generate them. But you first need to create a KEY file in order to create a CSR file. To generate a KEY file, do this …
openssl genrsa -out ~/domainname.com.ssl/domainname.com.key 2048
Now lets create CSR file
openssl req -new -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr
It will ask you questions of questions
Common Name – this is not the owner’s name whatsoever. The correct value for this is your domain url e.g. www.domain.com
Organization Name – The exact legal name of your organization. Do not abbreviate
Organization Unit – Section of the organization (not really important. up to you)
City or Locality – The city where your organization is located. Do not abbreviate
State or Province – The state or province where your organization is legally located.
Country – The two-letter country code.
DN Field | Explanation | Example |
Common Name | The fully qualified domain name for your web server. This must be an exact match. | If you intend to secure the URL https://www.yourdomain.com, then your CSR’s common name must be www.yourdomain.com. If you plan on getting a Wildcard certificate make sure to prefix your domain with a ‘*’ ex. *.domain.com |
Organization | The exact legal name of your organization. Do not abbreviate your organization name. | domain.com |
Organization Unit | Section of the organization | IT |
City or Locality | The city where your organization is legally located. | Wellesley Hills |
State or Province | The state or province where your organization is legally located. Can not be abbreviated. | Massachusetts |
Country | The two-letter ISO abbreviation for your country. | US |
* Warning: Leave the challenge password blank (press enter)
All of the SSL provider need the content of CSR file to generate CRT files. Use the content of the CSR file. You can view it by
nano domain.csr