The following instructions will guide you through the CSR generation process on Nginx (OpenSSL).
- Log in to your server's terminal via Secure Shell (SSH).
Generate a private key and CSR by running the following command:
Here is the plain text version to copy and paste into your terminal:openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Note: Replace "server" with the domain name you intend to secure.
Enter the following CSR details when prompted:
- Common Name: The FQDN (fully-qualified domain name) you want to secure with the certificate. For Single domain SSL, enter yourdomain.com. For Wildcard SSL, enter *.yourdomain.com.
- Organization: The full legal name of your organization including the corporate identifier.
- Organization Unit (OU): Your department such as 'Information Technology' or 'Website Security.'
- City or Locality: The locality or city where your organization is legally incorporated. Do not abbreviate.
- State or Province: The state or province where your organization is legally incorporated. Do not abbreviate.
- Country: The official two-letter country code (i.e. US, CH) where your organization is legally incorporated.
Note: You are not required to enter a password or passphrase. This optional field is for applying additional security to your key pair.
Locate and open the newly created CSR in a text editor such as Notepad and copy all the text including:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Note 1: Your CSR should be saved in the same user directory that you SSH into unless otherwise specified by you.
Note 2: We recommend saving or backing up your newly generate “.key” file as this will be required later during the installation process.