How To Generate A WildCard SSL Certificate CSR On Apache, Mod SSL & OpenSSL Servers

Certificate Signing Request (CSR) generation, which is a must for obtaining an SSL certificate from a Certificate Authority (CA), is a technically intensive process and can be cumbersome for those not familiar with the intricate steps involved. The large number of live chats, calls and email support requests that Certificate Authorities receive from users seeking help in completing the process shows that the problem is indeed rife and must be addressed.

In this post, Mr. Jim Armstrong, a Web security specialist at RapidSSLOnline, addresses how to obtain a Certificate Signing Request for Apache + Mod SSL + OpenSSL servers from major Certificate Authorities on the web such as Symantec, GeoTrust, Thawte, and RapidSSL without any hassles. The process of CSR creation entails the generation of two types of keys: private and public keys as shown below.

Generating the Private Key

The OpenSSL utility, which comes with every OpenSSL package, is mostly used to generate the private key and CSR. It should be installed on the following path: /usr/local/ssl/bin . If the OpenSSL utility is installed on a different path, adjust the path in the commands accordingly. To generate the private key, enter the following command at the prompt: openssl genrsa -des3 -out .key 2048 . This command generates a 2048-bit RSA private key, which is automatically stored in the .key file given after -out. It is imperative for all SSL Certificate CSRs to have a 2048-bit key length.

When prompted for the pass phrase, make sure that you choose one that is secure, i.e. a combination of letters, numbers and symbols, as this password will a) protect the private key and b) secure the certificate.

Note: The pass phrase requirement can be bypassed by omitting the -des3 option when generating the private key. If you wish to leave the private key unprotected, it is highly recommended that only authorized server administrators have access to the server and the ability to read the private key file.

Generating the Public key and CSR

First, enter the following command at the prompt: openssl req -new -key .key -out .csr . If you are using OpenSSL on a Windows server, you can use this direct path to reach 'openssl.cnf':

openssl req -new -key .key -config "c:\Apache Software Foundation\Apache2.2\conf\openssl.cnf" -out .csr

This should be followed by filling mandatory information of the organization, which includes:

  • Country Name: Two-letter code of the country without punctuation (e.g. US, UK).
  • State or Province: Complete state name without any abbreviation (e.g. New York, not NY).
  • Locality or City: City or town name without any abbreviation.
  • Company: If a company or organization name includes a symbol such as &, @, or *, the symbol must be spelled out (e.g. AB & C Corporation would be AB and C Corporation).
  • Organizational Unit: An optional field which can be skipped by pressing 'Enter' on the keyboard, but information filled in here serves as additional authentication for obtaining the certificate from the CA.
  • Common Name: The Host + Domain Name.

Now both your private and public keys have been generated. The private key is stored locally on the server and used for decryption. The public key, in the form of a WildCard SSL Certificate Signing Request (certrequest.csr), will be used for certificate enrollment.

Note: If you wish to copy and paste the information into the enrollment form, you should first open the file in Notepad or Vi and save it as a .txt file. Please note that you shouldn’t use Microsoft Word as it inserts extra hidden characters which alter the contents of the CSR thereby rendering it useless.
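The two commands above, run non-interactively for a wildcard name and followed by checks on the result, as an added example that is not part of the original article. The file name wildcard.key, the domain example.com and the subject values are assumptions; the wildcard is expressed by an asterisk as the leftmost label of the Common Name (*.example.com).

```shell
#!/bin/sh
# Added example (not from the original article). Assumed names: wildcard.key,
# example.com and the subject values; certrequest.csr is the article's name.

make_wildcard_csr() {   # usage: make_wildcard_csr DIR DOMAIN
    dir=$1 domain=$2
    (
        umask 077   # key is written unencrypted (no -des3): owner-only access
        openssl genrsa -out "$dir/wildcard.key" 2048 2>/dev/null
    ) || return 1
    # -subj answers the interactive prompts; the wildcard goes in the CN.
    openssl req -new -key "$dir/wildcard.key" -out "$dir/certrequest.csr" \
        -subj "/C=US/ST=New York/L=New York/O=AB and C Corporation/CN=*.$domain"
}

check_wildcard_csr() {  # returns 0 if the CSR is fit to submit, else 1-5
    dir=$1 domain=$2
    csr="$dir/certrequest.csr" key="$dir/wildcard.key"
    # 1. Self-signature verifies (the output text is checked, since the exit
    #    status alone is not dependable across OpenSSL versions).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    # 2. Public key is 2048 bits long.
    openssl req -in "$csr" -noout -text | grep -q "Public-Key: (2048 bit)" || return 2
    # 3. Common Name is the wildcard for the expected domain.
    openssl req -in "$csr" -noout -subject | grep -q "CN *= *[*]\.$domain" || return 3
    # 4. CSR was built from this private key (moduli match).
    [ "$(openssl req -in "$csr" -noout -modulus)" = \
      "$(openssl rsa -in "$key" -noout -modulus)" ] || return 4
    # 5. Key file grants nothing to group or others.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || return 5
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
make_wildcard_csr "$demo_dir" example.com &&
    check_wildcard_csr "$demo_dir" example.com &&
    echo "CSR ready: $demo_dir/certrequest.csr"
```

A non-zero return from check_wildcard_csr identifies which of the five checks failed.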

If you seek further information regarding WildCard SSL Certificate Signing Request for a web server I’ve not covered, please click here.

Written By

Jim Armstrong is SSL Security Specialist at a Platinum Certificate Authority. is one of the most inexpensive SSL Certificate Providers in the world. You can reach him on , Twitter and Facebook.

1 Comment

  1. Richard

    June 11, 2014 at 2:37 pm

    Too bad the instructions given are just the standard CSR generation instructions and give absolutely no specific information on generating a wildcard CSR.
