To install an SSL certificate on your virtual private server, the first
step is to generate a key for the Certificate Signing Request (CSR). If
the certificate will be used by service daemons, such as Apache,
Postfix, Dovecot, etc, a key without a passphrase is often appropriate.
Not having a passphrase allows the services to start without manual
intervention, usually the preferred way to start a daemon.
1. To generate the keys for the CSR, run the following command from a terminal prompt:
openssl req -new -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr
server will now generate your private key and ask you to provide the
information for your CSR. It should look something like this:
Generating a 2048 bit RSA private key
writing new private key to 'myserver.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Arizona
Locality Name (eg, city) :Phoeinx
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Newtek
Organizational Unit Name (eg, section) :Technical Support
Common Name (e.g. server FQDN or YOUR name) :webservices.thesba.com
Email Address :email@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
You do not need to enter the challenge password and the optional
company name. It's recommended that you leave these two fields blank.
You will need to copy the generated server.csr from your server to your local computer in order to upload the file to the CA.
You can now submit this CSR file to your Certiciate Authority you are
purchasing your SSL certificate from for processing. The CA will use
this CSR file and issue your SSL certificate.
Once you have
received your SSL certificate from the CA, you will need to install it.
View Knowledge Base Article #1582 for directions on how to install it to
For more information on Certificates, please see the Ubuntu Server Guide available at https://help.ubuntu.com/.