With a CSR you can create a private key locally on your computer, so your certificate reseller doesn't have to send you the private key over the internet. Sending the private key over the internet can be dangerous for the security of your certificate.
In this article
- What is a CSR?
- What is a private key?
- How to create a CSR
- What information is included in a CSR?
- What to do with the CSR file
What is a CSR?
A Certificate Signing Request is a file that contains information about your business and your subdomain, that is needed for most certificate resellers (Certificate Authority or CA) to create a certificate for you.
A CSR is actually a request to get a certificate that is created and digitally signed by a CA, without having to send the private key over the internet.
What is a private key?
The private key decrypts the data that the CSR file has encrypted. You will use the private key when uploading your certificate and intermediates to your project in Foleon. As the name suggests, the private key is meant to keep private on your computer. To ensure the security of your domain and certificate, never send the private key over the internet.
How to create a CSR
Press enter after each step to go to the next question.
- Open the terminal on your pc
- Paste this without the apostrophes: 'openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr'
- Provide the needed information about your company and subdomain (the needed information is listed below in this article)
- For email and password; The server cannot read this information, so you can leave these empty, and hit enter
- Now you will see the name of your user account in the terminal, this means the task is done
- Two new files (*.key and *.csr) will be located in your personal folder on your computer
- Rename these files to your subdomain with '_' as a dot, for example: 'my_ebook_com.key'
What information is included in a CSR?
Below you will find the needed information about your company and subdomain for creating a CSR. This is the information for Foleon HQ. Replace this with your own business information.
- country code (the two-letter ISO 3166-2 code) - NL
- state or province name - Noord-Holland
- city or locality - Amsterdam
- name of your organization - Foleon
- organizational unit (e.g. marketing, or finance) - Support
- your hostname (also known as the common name) - my.ebook.com
Keep in mind that the information provided in the terminal when creating the CSR, needs to match the information you provide to the certificate reseller. It also needs to match with the subdomain you provide in your project in Foleon.
What to do with the CSR file
You can send the CSR file (for example: 'my_ebook_com.csr') that you created with the terminal to your certificate reseller. You can keep the private key safely on your computer.
Important note: Do not send the private key with your CSR file to your certificate reseller. This can be dangerous for the security of your certificate.
After that you will get the certificate and intermediates from your reseller. You can upload these together with the private key to the publication that has been set up with this subdomain to protect the domain with a certificate.