Generate CSR for an SSL certificate

This is more an aide memoire than a full on tutorial.

I am creating a Squid reverse proxy server and obviously want to encrypt the data up to the server. More on creating a Squid server later as it is a bit of a pain 🙂

A Squid server needs three files server.crt, server.key, cacert.crt.

You need a server with openssl installed. Then just run through the following.


mkdir ~/sslgenkey
cd ~/sslgenkey
openssl genrsa -out reporting.key 2048

Enter pass phrase for reporting.key:
Verifying – Enter pass phrase for reporting.key: Enter a password (remember it as you will need it)

 openssl req -new -key reporting.key -out reporting.csr

Enter pass phrase for reporting.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:Country_Code
State or Province Name (full name) []:County_Name
Locality Name (eg, city) [Default City]:City_Name
Organization Name (eg, company) [Default Company Ltd]:Company_Name
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:FQDN of your server
Email Address []:DO NOT ENTER
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: DO NOT ENTER
An optional company name []: DO NOT ENTER

You now need to use your favourite SSL provider. When prompted to enter the csr

vi reporting.csr

Copy and paste all of the contents into the area for the CSR and wait for them to create the certificate.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s