Let us describe the steps for generating a CSR with the help of the tools, available within the interface of Webmin control panel:
openssl req -new -newkey rsa:2048 -nodes -out example_com.csr -keyout example_com.key -subj "/C=CC/ST=StateName/L=CityName/O=OrgName/OU=OrgUnit/CN=example.com/emailAddressfirstname.lastname@example.org"
where example_com.csr and example_com.key would be generated as CSR and Private key files respectively. The names of the files can be changed to other values so that they can be easily distinguished further. The subject value (-subj) can be specified with or without the quotes. Also, it is required to replace next values in the command with those, which are applicable for the domain name in question:
- CC – 2 letter country code abbreviation. Feel free to look up for the correct country code in this online directory;
- StateName – the name of the state or the city name if there is no state;
- CityName – the name of the city;
- OrgName – the name of the company or “NA” if there is no registered company;
- OrgUnit – the name of the department within the company, which is in charge of SSL management, or just “NA” if there is no unit;
- example.com – the domain name, for which the SSL certificate will be issued. Here you can check how to put the domain name to CSR correctly;
- email@example.com – the administrative contact email address.
Note! For OV and EV certificates, it is obligatory to specify a legal company name and an existing department in Organization and Organization unit fields since those certificates are issued to registered companies and imply a more advanced validation level.
Note! All of the fields must be filled only with alphanumeric symbols and no special ones are allowed (e.g. “&”, “/”, “^”, etc.).
At the time, when the SSL certificate is issued by the Certificate Authority, you will be able to install it according to this guide.