How to generate CSR (Linux)
To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command :
This creates a two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.
In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).
You will now be asked to enter details to be entered into your CSR.
Please enter the following 'extra' attributes to be sent with your certificate request
Use the name of the web-server as Common Name (CN). If the domain name (Common Name) is mydomain.com append the domain to the hostname (use the fully qualified domain name).
The fields email address, optional company name and challenge password can be left blank for a webserver certificate.
Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.
Alternatively one may issue the following command to generate a CSR:
Note: If the "-nodes" is entered the key will not be encrypted with a DES pass phrase.