Generate a CSR for NGINX Server
- Login to your server via secure SSH terminal.
- Create an RSA private key. Run this command.
$ openssl genrsa -out server.key 2048
- Create a Certificate Signing Request (CSR) using the private key created in the previous step. Run this command.
$ openssl req -new -key server.key -out server.csr
-
Enter information that will be included in your Certificate Signing Request (CSR).
Country Name: Two uppercase letters only (United Kingdom, use GB not UK). The country where your company is legally located. State or Province Name:
The state/province where your company is legally located. Do not abbreviate. (e.g., California) Locality Name:
The city where your company is legally located. Organization Name: Your company’s legally registered name (e.g., YourCompany, Inc.). Organizational Unit Name: The name of your department within the organization. Examples: "IT", "Web Sales", or simply leave blank. Common name: The fully-qualified domain name (FQDN) (e.g., www.example.com or *.example.com for wildcard certs). Email Address: Leave it blank by hitting Enter. A challenge password: Leave it blank by hitting Enter. An optional company name: Leave it blank by hitting Enter.Note: The following characters should not be used in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &
- Run the Linux list (
ls
) command to see the two new files created:server.key
&server.csr
.
$ ls
server.csr server.key - To view the contents of the
server.csr
file run the linuxcat
command. Copy the entire contents of the file including theBEGIN
andEND
lines and paste the contents into the form when enrolling for the certificate.$ cat server.csr
- Save your
server.key
private key file. You will need it later when your certificate is issued and installed on your server.
DO NOT share your private key with anyone, not even us.
Install SSL Certificate on NGINX
- Install your SSL certificate on NGINX
Additional Resources
- Official NGINX website
- Setting up an NGINX HTTPS Server
- NGINX certificate chains
- Setting up NGINX to use or Server Name Indication (SNI)
Please contact our support team if you have any additional problems or questions.