Generating a Certificate Signing Request (CSR) for Apache on Rucenter hosting
If you buy a certificate from Rucenter, you do not need to generate a CRS request yourself. It will be generated automatically when purchasing a certificate.
To generate a certificate signing request (CSR), you must use the open-source cryptographic package OpenSSL. It is used for most UNIX-like operating systems and is available on our hosting.
1. Connecting to hosting via SSH
2. Generating a private key
3. Generating a request for a certificate (CSR)
1. Connecting to hosting via SSH
All the necessary steps for generating a CSR are performed on the hosting using an SSH connection. You will need to obtain connection parameters from your hosting control panel and configure the connection using an SSH client, such as PuTTY.
2. Generating a private key
Before generating a CSR, you must generate a private key of at least 2,048 bits in length. The private key must be generated and stored on the server for which the certificate is issued.
After connecting to your hosting via SSH, run the following commands in the command line.
1. Go to the temporary files directory /home/identifier/tmp. The files that you generate will be saved in this directory.
cd ~/tmp
2. Create a private key using the command:
openssl genrsa -des3 -out private.key 2048
3. When prompted to Enter pass phrase for private.key, enter a password to protect the private key.
4. After the Verifying — Enter pass phrase for private.key request, re-enter the password.
Your private key will be generated and saved in the private.key file. You can view it by running the command:
less private.key
To exit, press Q.
If the password is lost or the private key is compromised, the certificate must be reissued. Be sure to save a copy of the private key on your computer.
3. Generating a request for a certificate (CSR)
When generating a CSR, enter all the data in Latin characters.
1. In the command line, run the command:
openssl req -new -key private.key -out domain-name.csr
2. Enter the private key password when prompted to Enter pass phrase for private.key.
3. The following fields should be filled in with Latin characters:
- Country Name: a two-character country code according to ISO-3166. "RU" for Russia.
- State or Province Name: the name of the area or region without abbreviations;
- Locality Name: the city or town name;
- Organization Name: Latin equivalent of the organization name;
- Organizational Unit Name: the name of the unit for which the certificate is ordered (optional field);
- Common Name: Fully Qualified Domain Name (FQDN);
- Email Address: contact e-mail address (optional field);
- A challenge password: not filled in;
- An optional company name: alternative company name (leave blank).
The certificate request will be saved in the domain-name.csr file as encoded text. Check the correctness of the entered data by running the following command:
openssl req -noout -text -in domain-name.csr
When ordering an SSL certificate in your personal account on the www.nic.ru website, you will need to provide a CSR. To do this, view the received CSR file using the less command and copy its contents into the order form.
