Generating A Certificate Signing Request With Openssl

posted: May 15th, 2010

I have an apache server that hosts two sites requiring SSL; in order to generate a second certificate you need to use the existing servers’ private key and hence don’t need to generate a second one (I guess you could but it won’t provide additional security per se). If you want to start from scratch, that is without any existing SSL cert, Ubuntu has a good tutorialĀ at Ubuntu server guide.

I used the following command :

‘openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/certs/newssl.csr’

Openssl will then jump into interactive mode and ask you a few questions about the site you want to host and it will then create the certificate signing request file; newssl.csr. You can then paste this request file into your CA’s site and order or process the certificate!

O’Reilly has a good book on OpenSSL if you want to go pro!