, , ,

If you want to run your web server over a https connection you’ll need an SSL certificate. Which involves creating a private key, generating a certificate signing request (CSR) and they getting an authority to sign your certificate.

Generating a new key and CSR can be achieved with openSSL with this line:

openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

Replace domain.key and domain.csr with the name of your domain just to keep things in order. You’ll be asked a few questions which should be straight forward. The country code needs to be the official ISO standard . The Common Name needs to be the domain you wish to use the certificate for. The domain not the host.

Once it’s complete you should have two new files. The contents of the .csr file can be sent to your certificate authority for signing. Keep your private key safe and don’t allow of to become public. You’ll need to look up the specifics of how to install your certificate on your particular web server.