Certificate Signing Request (CSR) is an encoded text which contains details about the domain a certificate needs to be issued for and your contact details.
The CSR code can be generated on Node.js with the help of the OpenSSL utility. OpenSSL is usually included into the default package and does not require additional installation.
If there is no OpenSSL in the modpack, it can be downloaded with the following commands:
sudo apt-get install openssl or
sudo yum install openssl
Alternatively, the OpenSSL utility can be downloaded here.
In order to generate a CSR code and an RSA private key on Node.js, it is necessary to run the following command:
openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
It is recommended to replace domain.key and domain.csr with the specific names, like the domain names SSL is aimed for, in order to avoid further confusion.
After having run the command, it is necessary to fill in the following information using alphanumeric characters only:
- Common name: a fully qualified domain name the certificate needs to be issued for (ex: yourdomain.com). If the certificate should be issued for a subdomain, specify it as sub.yourdomain.com or www.yourdomain.com (where www is actually a subdomain).
For Wildcard certificates, the domain name should be specified with the asterisk (*.yourdomain.com).
- City: full name of the city the company is located in
- State: full name of the state, county or region the company is located in
- Country: abbreviated ISO-compliant (two-letter) country code
- Organization: official name of the organization applying for the certificate (specify "NA" if a certificate is for personal use)
- Organization Unit: name of the department inside the organization (specify "NA" if a certificate is for personal use or there are no departments in the company)
The Email Address and Challenge Password fields are optional and can be left blank.
The CSR code will be created in the domain.csr file. It can be opened with a text editor. The CSR contains the following header and footer:
-----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- .
The private key generated along with the CSR code will be created in the domain.key file. It contains the following header and footer:
-----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- .
The private key will be necessary for the certificate installation on the server after the issuance and thus, we recommend saving it in a separate file on your computer and storing it in a safe place.