How to create a Certificate Signing Request for Apache ERS 3.0+?

Covalent Apache

To generate a CSR, you first need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match your private key. You will have to request a new SSL Certificate and may be charged.

Note We recommend that you contact Covalent for additional information.

Step 1: Generate a Key Pair

Use the utility “OpenSSL” to generate the key and CSR. This utility comes with the OpenSSL package. During installation, it is commonly stored in the folder directory under: /usr/local/ssl/bin. If it is installed elsewhere, adjust the directory used in these instructions accordingly.

  • Change directory to your SSL Key directory: cd/usr/local/ssl/private
  • Generate a Private key using the following command: openssl genrsa -des3 2048 > [your provider].key (e.g. GlobalSign)
Step 2: Generate a CSR
  1. Change directory to your SSL Certificate directory: cd /usr/local/ssl/crt

  2. Generate a CSR using the following command:
    openssl req -new -key ../private/ [your provider].key > [your provider].csr (e.g. GlobalSign)

This step will create the X.509 attributes of the certificate:

  • Common Name – Must match the URL you plan to secure exactly – is usually your fully-qualified domain name, e.g., or Remember the www. Is important – include it if you want to secure & exclude it if you want to secure
  • Organisation - The legal (officially registered) name of your organization/company include Inc., LLP., Pvt, Plc. LTD. SARL., etc.
  • Organisational unit - The name of your department within the organization (this is often "IT," "Web," or is just left blank)
  • City/locality - The city or town in which your organization is located.
  • State/province - The state in which your organization is located.
  • Country - Click here for the official list of ISO country codes for this field.

Note Please do not enter your email address, challenge password or an optional company name when generating the CSR.

  1. Open the file in a text editor that does not add extra characters (Notepad or vi are recommended).
  2. Copy all of the text.
  3. Go to the enrollment and paste the information into the form when prompted for the CSR.