Please follow below steps to generate CSR and Private Key for a Linux Server/VM
- Login to linux server as root via putty
- Run the following commands to create a directory in which to store your RSA key, substitute “domain.com” to domain name that is planned to be used, for eg, “NewSite.com”. mkdir ~/domain.com.ssl/ and cd ~/domain.com.ssl/
- Run the following command to generate a private Key (replace domain.com to your domain name [dot] com), openssl genrsa –out ~/domain.com.ssl/domain.com.key 2048
- Create a CSR. Run the following command to create a CSR with the RSA private key (output is in Privacy-Enhanced Mail (PEM) format). Replace domain.com with your domain name. when asked for challenge password and optional company name, you can leave that blank. openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr
- Verify your CSR. Run following command to verify your generated CSR. Replace domain.com with your domain name. openssl req -noout -text -in ~/domain.com.ssl/domain.com.csr
- After you have verified your CSR, you can submit it to a CA to purchase an SSL certificate.