Skip to main content

Generating CSRs

Generating a Certificate Via OpenSSL

Instructions to generate certificates with openSSL can also be found documented here, on our support site.

To generate a CSR (Certificate Signing Request), open a terminal that has the openssl package installed. The following commands will generate a (self-signed) SSL certificate from a new or existing OpenSSL installation:

  1. Generate a private key for your server CA (Certificate Authority):

    $ openssl genrsa -des3 -out ca.key 4096
  2. Create a certificate file using the generated CA private key:

    $ openssl req -new -x509 -days 3650 -key ca.key -out ca_file
  3. Create a private key for your new SSL certificate:

    $ openssl genrsa -des3 -out server.key 2048
  4. Create certificate signing request (CSR) for your SSL certificate:

    $ openssl req -new -key server.key -out server.csr
  5. Sign the CSR we created above with our CA key, and export the signed x509 certificate:

    $ openssl x509 -req -days 365 -in server.csr -CA ca_file -CAkey ca.key -set_serial 01 -out cert_file
  6. Export the private key file in the correct format:

    $ openssl rsa -in server.key -out key_file

Adding a new certificate is easy; See add a new certificate via appliance manager instructions here.

Generating Non-Production CSRs

caution

We recommend using the OpenSSL method outlined above. Use the following online generator at your own risk, and only for non-production purposes. A 'private' key generated by this link (or any third party) is unlikely to be truly private.

If you need to quickly generate a non-production Certificate Signing Request (CSR), you can use this online CSR generator at your own risk: CSR Generator.