To create a CSR on your Amazon EC2 server, you will use OpenSSL commands within your EC2 instance.
1. Connect to your EC2 Instance
For instructions on how to connect to your instance, check Amazon's guide here.
Once connected, navigate to your server's private key store at /etc/pki/tls/private/.
2. Generate New Private Key
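To create a new 2048-bit RSA private key, run the following command. The key size is passed explicitly because the default used by genrsa differs between OpenSSL versions:
[ec2-user ~]$ sudo openssl genrsa -out custom.key 2048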
3. Create the CSR from the key
After generating the private key, run the following command to create the CSR:
[ec2-user ~]$ sudo openssl req -new -key custom.key -out csr.pem
OpenSSL will then prompt you in the terminal for the certificate request details. The following fields are required:
- Country: 2-letter ISO abbreviation for your country.
- State/Province: The name of the state, province, or region within your country where your organization is located. Do not abbreviate this name.
- Locality: The city or locality where you are located.
- Organization Name: The full legal name of your organization. (For non-organization certificates, you can fill this field with any relevant info, such as your domain name, or N/A)
- Common Name: The domain name or public IP address to be secured by the SSL certificate, e.g. www.google.com. For a single-domain wildcard SSL certificate, the domain should be formatted like *.google.com.
The organizational unit and email address fields are typically not required in your CSR.
CSR Challenge Phrase
OpenSSL may prompt you to set a challenge phrase or password on the CSR. We do not recommend setting a challenge phrase.
4. Check the CSR Output
The CSR is written as a .pem file, which can be opened in a text editor like Notepad. Open this file and copy and paste the full contents, including the -----BEGIN CERTIFICATE REQUEST----- header and -----END CERTIFICATE REQUEST----- footer, into your SSL order generation form.
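Steps 2 to 4 can also be run without the interactive prompts and checked before the CSR is submitted. The script below is an added example, not part of the original guide: the function names, the output directory argument and the example.com subject values are assumptions, and it runs without sudo against a directory you own.

```shell
#!/bin/sh
# Added example: non-interactive key + CSR generation, then pre-submission checks.
# File names custom.key and csr.pem follow the guide; everything else is assumed.

make_csr() {
    # $1 = output directory, $2 = subject, e.g. "/C=US/ST=.../CN=www.example.com"
    dir="$1"; subj="$2"
    # umask 077 in a subshell: the private key is readable by its owner only.
    ( umask 077
      openssl genrsa -out "$dir/custom.key" 2048 2>/dev/null ) || return 1
    # -subj supplies the fields the prompts would ask for; no challenge phrase is set.
    openssl req -new -key "$dir/custom.key" -subj "$subj" -out "$dir/csr.pem"
}

check_csr() {
    # $1 = directory holding custom.key and csr.pem
    dir="$1"
    # 1. The request's self-signature must verify (message text varies by version,
    #    and older releases exit 0 on failure, so match on the output).
    openssl req -in "$dir/csr.pem" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # 2. The public key in the CSR must belong to the private key kept on the server.
    csr_mod=$(openssl req -in "$dir/csr.pem" -noout -modulus 2>/dev/null) || return 1
    key_mod=$(openssl rsa -in "$dir/custom.key" -noout -modulus 2>/dev/null) || return 1
    [ -n "$csr_mod" ] && [ "$csr_mod" = "$key_mod" ] || return 1
    # 3. The header and footer lines must be intact before pasting into an order form.
    head -n 1 "$dir/csr.pem" | grep -qx -- '-----BEGIN CERTIFICATE REQUEST-----' || return 1
    tail -n 1 "$dir/csr.pem" | grep -qx -- '-----END CERTIFICATE REQUEST-----'
}

csr_subject() {
    # Print the subject line so the Common Name can be reviewed before submission.
    openssl req -in "$1/csr.pem" -noout -subject
}

# Usage (placeholder subject values):
#   make_csr . "/C=US/ST=Washington/L=Seattle/O=Example Corp/CN=www.example.com"
#   check_csr . && csr_subject .
```

Only csr.pem is sent to the certificate authority; custom.key stays on the instance.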