How to generate SSL key and certificate request (CSR)

May control panels offer this function (e.g. cPanel), but sometimes you might want to do it the old way – that is – manually. Here are required commands for reference.

Generate 2048-bit private key

openssl genrsa -des3 -out yourdomain.com.key 2048

Note: this key is encrypted by password. If you do not want to enter password every time you restart your webserver, you shoud use unecrypted version. To un-encrypt it use the following command:

openssl rsa -in yourdomain.com.key -out yourdomain.com.key

Generate certificate request (CSR)

openssl req -new -key yourdomain.com.key -out yourdomain.com.csr

Please note: if you enter domain name with “www.”, most SSL certificate registries will give you certificate, that is valid domain with and without “www.” part. This might very useful, as some people might visit your site one or the other way.