A Certificate Signing Request (CSR) file is a block of encoded text that is generated on the infrastructure that the certificate will be used on. It has information that will be included in your SSL certificate, such as your organization name, common name (domain name), locality, and country. You can’t create an SSL certificate without first generating a CSR file.
Creating a command-line CSR
To generate a CSR:
- In the directory /mnt/gfs/[application].prod/ssl (where [application] is your application in Cloud Platform), copy the following two files (if they exist) into a new directory for backup:
  - [application].conf
  - private.key
- Create a file named domains.txt that has a list of all the domains that you want covered by your SSL certificate.
- Edit the [application].conf file, and then delete everything following the [alt_names] section header. If you don’t have an existing [application].conf file, download and modify this example.sitename.conf file.
- Save the [application].conf file.
- Run the following command to add the updated list of domains to the [application].conf file:

      i=1; for domain in $(cat domains.txt) ; do echo "DNS.$i = $domain" ; ((i++)) ; done >> [application].conf

- To generate the CSR file, run the following command:

      openssl req -nodes -sha256 -newkey rsa:2048 -config [application].conf -keyout private.key -out [application].csr

  Even though the information in the [application].conf file has pre-populated the default fields with data, you are prompted to enter details for the CSR file. To continue, press the Enter key.
- Use the following commands to ensure that your private.key and CSR files match.

      openssl req -noout -modulus -in [application].csr | openssl md5
      openssl rsa -noout -modulus -in private.key | openssl md5

  The files should have matching hashes similar to the following example:

      (stdin)= 9fb4c34545e3f8140db44b250cd001e0
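
A hardened alternative to the domains.txt loop in the steps above, plus a check that every listed domain made it into the CSR's subject alternative names. This is an added example, not part of the original page; the function names `clean_domains`, `alt_names` and `missing_sans` and the file names in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Print the cleaned domain list from domains.txt ($1), one name per line:
# CRs and "#" comments stripped, lowercased, de-duplicated in first-seen order.
# awk does the splitting, so "*.example.com" is never glob-expanded by the
# shell the way an unquoted $(cat domains.txt) would be. Exits non-zero if
# any entry is not a hostname or a single leading-wildcard name.
clean_domains() {
    awk '{ gsub(/\r/, ""); sub(/#.*/, ""); $0 = tolower($0)
           for (i = 1; i <= NF; i++) {
               if ($i !~ /^(\*\.)?([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/) {
                   print "invalid entry: " $i > "/dev/stderr"; bad = 1
               } else if (!seen[$i]++) print $i
           } }
         END { exit bad + 0 }' "$1"
}

# Emit the "DNS.N = name" lines for the [alt_names] section; prints nothing
# to stdout if the list is empty or contains an invalid entry.
alt_names() {
    list=$(clean_domains "$1") || return 1
    [ -n "$list" ] || return 1
    printf '%s\n' "$list" | awk '{ printf "DNS.%d = %s\n", NR, $0 }'
}

# Print each domain from domains.txt ($1) that is absent from the CSR's SANs.
# stdin: the output of `openssl req -noout -text -in [application].csr`.
missing_sans() {
    sans=$(grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2 | tr 'A-Z' 'a-z')
    clean_domains "$1" | while read -r d; do
        printf '%s\n' "$sans" | grep -qxF -e "$d" || printf '%s\n' "$d"
    done
}

# Usage: sh check_sans.sh domains.txt site.csr   (file names are placeholders)
if [ "$#" -eq 2 ]; then
    openssl req -noout -text -in "$2" | missing_sans "$1"
fi
```

Empty output from `missing_sans` means every domain in domains.txt is present in the CSR; any name it prints was dropped before the CSR was generated.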