July 17, 2020 / Nirav S
Anyone who has worked with secure applications knows about SSL. However, do you know, how to generate CSR in Linux on an AWS instance?
We can also generate a Private Key and this Private Key is needed when we Install the SSL Certificate on our Server after SSL Certificate is purchased. We can generate and share the CSR with the Certificate Authority for purchasing/renewing the SSL Certificate for our website.
But what is CSR?
Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR making it a key pair.
To deep-dive into this topic, you can visit this link.
Now sign-in into your AWS console and follow the below steps.
We will gain ssh access into the Instance and start configuring the Instance for Installation. We are going to ssh into the instance through command-line.
$ ssh -i private-key.pem ubuntu@ (ip-address)
And we are able to connect to the Instance.
Now, the first thing we need to do is update the packages installed on the Instance as well as install some basic packages as per our requirements. First, we will update and clean the system by entering:-
$ sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y && sudo apt autoclean
Step 1 Install OpenSSL to generate CSR.
$ sudo apt-get install openssl*
For Amazon Linux/Centos/RHEL
$ sudo yum install openssl*
Step 2 Generate CSR
Generate CSR using the following command.
$ openssl req -out devopsmyway.csr -new -newkey rsa:2048 -nodes -keyout devopsmyway.private.key
The following screen will appear. Provide the required details as they required.
Generating an RSA private key ………………………….+++++ ..+++++ writing a new private key to ‘example.private.key’
Note If you want Wild Card SSL Certificate for your domain. Put *.domainname (e.g- *.example.private.key.com) in the Common Name
Get your CSR and Private Key
As soon as you generate your CSR from the above command two files will we generated with .csr and .key extension.
List CSR file using LS command
Verify if CSR is generated properly.
Use cat command to see the content of CSR
$ cat example.csr
-----BEGIN CERTIFICATE REQUEST----- MIICtjCCAZ4CAQAwcTELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAkRMMQ4wDAYDVQQHwVREVWT1BTTVlXQVkgUFZULiBMVEQuMQswCQYDVQQLDAJJVDEYMBYGA1UEAwwPZGV2b3BzbXl3YXkuY29tMIIBIjANBgkqhkiG9w0BAQEAAOCAQ8AMIIBCgKCAQEA0TYKp5mW1O5TIrsJegeT0OXNfwaEqibQZJqYzubeUTOY3/COjZha1ELKOmhUuPiRhr0L43lLkBbLhu3sYhn9xZ2DjaCGz67sP/AxCFuoT4DqyYz3aTyMWZZzcjyIktfMTujQylpy/Q1uZ6ZHi7/H95e3/3Lo3ZxWN4R0fgpACg7F5NTZMBycbV4tjvFna3/J71How2LIpe6S/7dKyEoGtrqxB03/5qvU9cEoQ3DatB0vBeTPtrJCi3vMGCV25CPuvck09enJONSKOv9ElU8Bm0UBbX85g3diz9ebABBh6/n1qSf4DaKtpNwnMgsbQJzM2JVY24IZPhgp8Sq2Qk8A4wIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBABGDxgByL1Dlht44RV0w/Cffdgd5GkRbPyh5DwrzJx5EH8LeSsutGsq3QYi/rmAxZsw+1IJnEPE682iqMB9WZRILQO5i6MC9H+Xj4TfzTNsVGTDUn6qXV83ohSoSyKUX6+lTX2EMqqD9gyQUtDGTPmdDlVzRGDyiUVoI9jOMz6fn8eTcZcaQOW9Dx/AxUJIwk/xEuK9dvn8Mn56Zc7BYzQeqXi01i2uOvksp2pgkEPooKszdDn6HCQ= ----END CERTIFICATE REQUEST-----
Above key will be different from your case. Open this CSR Decoder and paste the content of CSR to see if CSR is generated properly or not.
You’ve got all the green ticks. That’s great you did it completely right now final step.
So finally keep your Private key file safely and don’t share it with anyone. When you create SSL Certificate Installation the private key will be used. Share the CSR file to Certificate Authority to generate or Renew SSL Certificate for your Website.
Have queries about your AWS project ideas and concepts? Please drop in your project details to discuss with our AWS experts, professionals and consultants.