To generate a CSR on Ubuntu (Nginx), please do the following:
Step 1 – Access your server via your terminal client (ssh). The first step will be generating the private key. At the prompt, type:
openssl genrsa -out [private-key-file.key] 2048
Step 2 – Now, the private key has been generated, run the below command to generate the CSR.
openssl req -new -key [private-key-file.key] -out [CSR-file.txt]
– Country Name (C): Use the two-letter code without punctuation for
– Country Name (C): Use the two-letter code without punctuation for the country.
– State or Province (S): Spell out the state completely; do not abbreviate the state or province name.
– Locality or City (L): The Locality field is the city or town name.
– Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example, XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
– Organizational Unit (OU): This field is the name of the department or organization unit making the request.
– Common Name (CN): The Common Name is the Host + Domain Name.
– Optional Fields: When prompted, please do not enter your email address, challenge password or an optional company name when generating the CSR. Pressing Enter/Return will leave these fields blank.
Step 3 – Your CSR file will then be created.
Step 4 – Proceed to Enrollment and paste the CSR in the enrollment form when required.
Now You have to Submit CSR to purchase SSL certificates when you purchase the following certificates make sure to this below steps.
You will get 3 files in certificates, one is
Now Create a new file “domain-name.crt” on your server and paste the content of the .crt file on that, then create a file domain-name CA.crt and paste the content of CA.crt file in that, the create a file domain-name.key and paste the content of the .key file in that.
# vi domain-name.crt
# vi domain-nameCA.crt
# vi domain-name.key
Step 1 – You need to concatenate your primary certificate file (.crt) and the intermediate certificate file (CA.crt) into a single .pem file.
Step 2 – To concatenate the files, run the following command:
cat domain-name.crt domain-nameCA.crt >> bundle.crt
Now go to the SSL folder on your server.
# mv /root/domain-name.crt /etc/ssl/
# mv /root/domain-nameCA.crt /etc/ssl/
# mv /root/domain-name.key /etc/ssl/
# mv /root/bundle.crt /etc/ssl/
Now go to the
# cd /etc/nginx/sites-available/
listen 443 ssl;
Save the file and then restart the NGINX service.
Leave a Reply