How to generate SSL key and certificate request (CSR)

May control panels offer this function (e.g. cPanel), but sometimes you might want to do it the old way – that is – manually. Here are required commands for reference.

Generate 2048-bit private key

openssl genrsa -des3 -out 2048

Note: this key is encrypted by password. If you do not want to enter password every time you restart your webserver, you shoud use unecrypted version. To un-encrypt it use the following command:

openssl rsa -in -out

Generate certificate request (CSR)

openssl req -new -key -out

Please note: if you enter domain name with “www.”, most SSL certificate registries will give you certificate, that is valid domain with and without “www.” part. This might very useful, as some people might visit your site one or the other way.