An SSL ( Secure Socket Layer ) certificate enables accessing your website over HTTPS ( Hyper Text Transfer Protocol Secure ). Websites with SSL certificate are shown along with a Green Padlock Icon in the address bar of most of the modern browsers. HTTPS websites enable confidence in visitors and make them feel secure and genuine. Customers happily do transactions on sites with HTTPS. Here, you are going to learn how to successfully generate a Certificate Signing Request and SSL certificate on a linux based OS like Ubuntu 16.
Generate a Certificate Signing Request
Open Ubuntu Linux Console with your username and password. Type the following command.
console> openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Type all the requested answers meanwhile. Take care when typing FQDN with the exact extension name like com, in, info etc.
writing new private key to 'yourdomain.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:IN
Locality Name (eg, city) :IN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:techy
Organizational Unit Name (eg, section) :techy
Common Name (e.g. server FQDN or YOUR name) :yourdomain.com
Email Address :email@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :abcedfghi
An optional company name :techy
Two files will be created in the file system. File path depends on the path from where you executed the command. In general, you can get these files from the /root folder.
Here .csr file contains the Code ( Public Key) Required to generate SSL. .key file is the private key which you should not show to the outside world.
Generate SSL Certificate Using CSR File Code
Purchase a new SSL Certificate from a reputed company like Godaddy, Comodo and Thawte etc. This new SSL is a blank SSL which is not associated with any Domain. Go to Options / Configure against the purchased SSL. Under CSR ( Certificate Signing Request ), Copy the contents of yourdomain.csr ( Simply Open with Notepad) and paste. Submit your changes. Wait for creation of SSL Certificate. You will be able to download the certificates after successful verification of domain and business address which will be done automatically.