Creating a CSR to enable you to get an SSL certificate cannot be easier on Nginx especially when you use OpenSSL.
SSH onto your Linux box as usual.
Type in:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
You will be greeted with output like the following, what you need to type in is highlighted in bold, finish each line by pressing return.
Generating a 2048 bit RSA private key
…………………………..+++
…………………………………+++
writing new private key to ‘server.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:Some County
Locality Name (eg, city) []:Some City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Gyp the Cat dot Com
Organizational Unit Name (eg, section) []:Website
Common Name (e.g. server FQDN or YOUR name) []:www.gypthecat.com
Email Address []:[email protected]Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
If you’ve got a wild care SSL cert you can use *.gypthecat.com in the Common Name section.
We’ll probably need to paste the CSR into a web form from your SSL provider.
more server.csr
Copy and paste the entire output (including the —– lines) into the necessary box. There you go, all done!
If you want to read what to do with the SSL certificate you get back read on how to get your Nginx SSL certificate functioning.
4 Comments
[…] 2012 in internet, Uncategorized with No comments Tweet Last time I showed how easy it is to create an SSL request on Nginx, this time I’ll show you how easy it is to get your site up and running with […]
[…] SSL support, you need /usr/local/nginx/server.key and /usr/local/nginx/server.crt. You can create a CSR and get a certificate at CaCert if your domain is reachable from outside (dyndns?). Otherwise, just […]
Thank you for the grat tutorial.
Hello, everything is going perfectly here and ofcourse every one is sharing
data, that’s actually fine, keep up writing.