A Certificate Signing Request (CSR) is a block of code with encrypted information about your company and domain name. This code will be required for activation of an SSL certificate.
There are certain requirements for CSR fields:
- Common Name: a Fully Qualified Domain Name (e.g., example.com, www.example.com or *.example.com for Wildcard SSL certificates);
- Country: a two-letter code (e.g., US);
- State (or province);
- Locality (or city);
- Organization (you can enter “NA” if you do not have one);
- Organizational Unit (you can enter “NA” if you do not have one);
- E-mail address.
* Only alphanumeric characters should be used when filling out the aforementioned fields.
It is recommended to generate a CSR code specifically on the server where the certificate is to be installed. Alternatively, you may use this online tool.
NB: Using online CSR generation tools is the least preferable option. However, if you use such a tool, please make sure to back up the private key.
There are a few possible options depending on the exact Amazon service you are using:
- If you have a Linux Instance with the Apache/Nginx web server installed, please refer to this guide.
- If you have a Windows Instance with Internet Information Services (IIS) web server unlocked, you can follow this illustrated guide.
- Here you can find the guide for the Tomcat server.
- If you need an SSL certificate for Load Balancer, you can generate a CSR code and upload your certificate to AWS with the help of the OpenSSL tool:
The command to generate a private key and a CSR code is the following:
openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr
* You can replace “example” with the domain name the certificate will be issued for in order to easily identify the files later during installation.
* 2048 is a standard key size, and it should be not less than this key size.
Once a CSR is generated, you will get a block of code with the following tags: -----BEGIN CERTIFICATE REQUEST---- and -----END CERTIFICATE REQUEST----
Please use this code to activate your SSL certificate.
* To avoid any CSR-related errors during activation, we recommend that you check your CSR code at https://decoder.link/ before proceeding.