How To Generate Certificate Signing Request(CSR) in Linux on an AWS instance?

July 17, 2020 / Nirav Shah

Generate Certificate Signing Request (CSR) In EC2 Linux

Anyone who has worked with secure applications knows about SSL. However, do you know, how to generate CSR in Linux on an AWS instance?

We can also generate a Private Key and this Private Key is needed when we Install the SSL Certificate on our Server after SSL Certificate is purchased. We can generate and share the CSR with the Certificate Authority for purchasing/renewing the SSL Certificate for our website.

a.What is CSR?

Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR making it a key pair.

To deep-dive into this topic, you can visit this link.

b.Generate a Certificate Signing Request (CSR)

Now sign-in into your AWS console and follow the below steps.

We will gain ssh access into the Instance and start configuring the Instance for Installation. We are going to ssh into the instance through command-line.

$ ssh -i private-key.pem ubuntu@ (ip-address)

And we are able to connect to the Instance.

Now, the first thing we need to do is update the packages installed on the Instance as well as install some basic packages as per our requirements. First, we will update and clean the system by entering:-

$ sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y && sudo apt autoclean

Step 1 Install OpenSSL to generate CSR.

For Ubuntu/Debian

$ sudo apt-get install openssl*

For Amazon Linux/Centos/RHEL

$ sudo yum install openssl*

Step 2 Generate CSR

Generate CSR using the following command.

$ openssl req -out devopsmyway.csr -new -newkey rsa:2048 -nodes -keyout devopsmyway.private.key

The following screen will appear. Provide the required details as they required.

Generating an RSA private key
………………………….+++++
..+++++

writing a new private key to ‘example.private.key’

Note If you want Wild Card SSL Certificate for your domain. Put *.domainname (e.g- *.example.private.key.com) in the Common Name

Step 3

Get your CSR and Private Key

As soon as you generate your CSR from the above command two files will we generated with .csr and .key extension.

List CSR file using LS command

$ ls

example.csr example.private.key

Step 4

Verify if CSR is generated properly.

Use cat command to see the content of CSR

$ cat example.csr

-----BEGIN CERTIFICATE REQUEST-----
MIICtjCCAZ4CAQAwcTELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAkRMMQ4wDAYDVQQHwVREVWT1BTTVlXQVkgUFZULiBMVEQuMQswCQYDVQQLDAJJVDEYMBYGA1UEAwwPZGV2b3BzbXl3YXkuY29tMIIBIjANBgkqhkiG9w0BAQEAAOCAQ8AMIIBCgKCAQEA0TYKp5mW1O5TIrsJegeT0OXNfwaEqibQZJqYzubeUTOY3/COjZha1ELKOmhUuPiRhr0L43lLkBbLhu3sYhn9xZ2DjaCGz67sP/AxCFuoT4DqyYz3aTyMWZZzcjyIktfMTujQylpy/Q1uZ6ZHi7/H95e3/3Lo3ZxWN4R0fgpACg7F5NTZMBycbV4tjvFna3/J71How2LIpe6S/7dKyEoGtrqxB03/5qvU9cEoQ3DatB0vBeTPtrJCi3vMGCV25CPuvck09enJONSKOv9ElU8Bm0UBbX85g3diz9ebABBh6/n1qSf4DaKtpNwnMgsbQJzM2JVY24IZPhgp8Sq2Qk8A4wIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBABGDxgByL1Dlht44RV0w/Cffdgd5GkRbPyh5DwrzJx5EH8LeSsutGsq3QYi/rmAxZsw+1IJnEPE682iqMB9WZRILQO5i6MC9H+Xj4TfzTNsVGTDUn6qXV83ohSoSyKUX6+lTX2EMqqD9gyQUtDGTPmdDlVzRGDyiUVoI9jOMz6fn8eTcZcaQOW9Dx/AxUJIwk/xEuK9dvn8Mn56Zc7BYzQeqXi01i2uOvksp2pgkEPooKszdDn6HCQ=
----END CERTIFICATE REQUEST-----

Note,

Above key will be different from your case. Open this CSR Decoder and paste the content of CSR to see if CSR is generated properly or not.

You’ve got all the green ticks. That’s great you did it completely right now final step.

Step 5

So finally keep your Private key file safely and don’t share it with anyone. When you create SSL Certificate Installation the private key will be used. Share the CSR file to Certificate Authority to generate or Renew SSL Certificate for your Website.

c.conclusion

 

Also Read : How Enable Username & Password Authentication for Linux EC2