Generating a private key and CSR from the command line

When ordering an SSL certificate from a Certificate Authority (CA), you need a private key and a Certificate Signing Request (CSR). These can be generated directly from the command line using OpenSSL.

Why Generate from the Command Line?

• Required for servers without cPanel or Plesk access (e.g., unmanaged VPS or dedicated servers).

• Provides full control over key size and CSR details.

• Ensures compatibility with third‑party SSL providers.

Steps to Generate a Private Key and CSR

1. Log in to your server via SSH.
   

   Bash
   
   ssh root@yourserver.com
   

    

2. Run the OpenSSL command to generate both files:
   
   

   Bash
   
   openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
   

    

   • server.key → Your private key file.

   • server.csr → Your CSR file.

3. Provide the required details when prompted:

   • Country Name → Two‑letter code (e.g., US, NG).

   • State or Province Name → Full name (e.g., Abuja).

   • Locality Name → City (e.g., Abuja).

   • Organization Name → Your company name.

   • Organizational Unit Name → Department (optional).

   • Common Name → The domain name (e.g., example.com or *.example.com for wildcard).

   • Email Address → Contact email.

   • Challenge Password / Optional Company Name → Press Enter to leave blank.

4. Verify the CSR contents (optional):

   Bash
   
   openssl req -noout -text -in server.csr
   ​