How to generate the CSR code on AWS: possible options

A Certificate Signing Request (CSR) is a block of code with encrypted information about your company and domain name. This code will be required for activation of an SSL certificate.

There are certain requirements for CSR fields:

  1. Common Name: a Fully Qualified Domain Name (e.g., example.com, www.example.com or *.example.com for Wildcard SSL certificates);
  2. Country: a two-letter code (e.g., US);
  3. State (or province);
  4. Locality (or city);
  5. Organization (you can enter “NA” if you do not have one);
  6. Organizational Unit (you can enter “NA” if you do not have one);
  7. E-mail address.

* Only alphanumeric characters should be used when filling out the aforementioned fields.

It is recommended to generate a CSR code specifically on the server where the certificate is to be installed. Alternatively, you may use this online tool.

NB: Using online CSR generation tools is the least preferable option. However, if you use such a tool, please make sure to back up the private key.

There are a few possible options depending on the exact Amazon service you are using:

  1. If you have a Linux Instance with the Apache/Nginx web server installed, please refer to this guide.
  2. If you have a Windows Instance with Internet Information Services (IIS) web server unlocked, you can follow this illustrated guide.
  3. Here you can find the guide for the Tomcat server.
  4. If you need an SSL certificate for Load Balancer, you can generate a CSR code and upload your certificate to AWS with the help of the OpenSSL tool:

The command to generate a private key and a CSR code is the following:

openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr

* You can replace “example” with the domain name the certificate will be issued for in order to easily identify the files later during installation.

* 2048 is a standard key size, and it should be not less than this key size.

Once a CSR is generated, you will get a block of code with the following tags: -----BEGIN CERTIFICATE REQUEST---- and -----END CERTIFICATE REQUEST----

Please use this code to activate your SSL certificate.

* To avoid any CSR-related errors during activation, we recommend that you check your CSR code at https://decoder.link/result before proceeding.