If you’re planning to enable SSL on a bunch of sites that you own, you might want to save some of the time spent creating a CSR for each domain.
What is a CSR? It is a Certificate Signing Request. When you generate a CSR for a domain, you actually create two files: the CSR itself and a private key.
The CSR is passed to the company that issues SSL certificates. The private key should be placed on the server together with the SSL certificate file that you will receive from the certificate issuer. Only the CSR is sent to the issuer; the private key is never shared.
Generate CSR on the command line
You can generate the CSR (and private key) either on your local machine or directly on the server where you will be installing the SSL certificates. It is easiest to do this on the server, because the server will likely have OpenSSL already installed (it is required for generating the CSR and private key).
Follow your operating system's conventions for where to place private keys and CSR files. On CentOS and other Red Hat based distributions, navigate to /etc/pki/tls/private. This directory exists for storing private key files.
Here’s a simple Bash script that creates private keys and CSRs for many domains at once:
#!/bin/bash
# Domains to generate a private key and CSR for
declare -a domains=("www.domain.com" "some.subdomain.com" "www.domain2.com")
for DOMAIN in "${domains[@]}"; do
    # -nodes writes the private key unencrypted, so keep the .key files private
    openssl req -nodes -newkey rsa:2048 -keyout "${DOMAIN}.key" -out "${DOMAIN}.csr" -subj "/C=US/ST=Florida/L=Some City/O=GetPageSpeed/OU=/CN=${DOMAIN}"
done
Obviously, replace US with your country code, Florida with your state or province full name, Some City with your city name, GetPageSpeed with your company name.
Run the script with bash script.sh
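With many files generated at once, it is worth confirming that every key and CSR belong together before anything is sent to the issuer. The script below is an added example, not part of the original post; the function names check_pair and csr_cn and the file name check.sh are assumptions.

```bash
#!/bin/bash
# Added example: sanity-check each <domain>.key / <domain>.csr pair
# produced by the bulk script before the CSRs are sent to a CA.

# Print the CN of a CSR; handles both "/CN=x" and "CN = x" subject styles.
csr_cn() {
    openssl req -in "$1" -noout -subject | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# Return 0 only if the pair for domain $1 (in directory $2, default ".") is sound.
check_pair() {
    domain=$1; dir=${2:-.}
    key="$dir/$domain.key"; csr="$dir/$domain.csr"

    [ -f "$key" ] && [ -f "$csr" ] \
        || { echo "$domain: missing key or CSR"; return 1; }

    # 1. The CSR's self-signature must verify (catches truncated or edited files).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" \
        || { echo "$domain: CSR signature invalid"; return 1; }

    # 2. The public key in the CSR must be the one derived from the private key.
    [ "$(openssl req -in "$csr" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "$domain: CSR does not match private key"; return 1; }

    # 3. The CN must be the domain the files are named after.
    [ "$(csr_cn "$csr")" = "$domain" ] \
        || { echo "$domain: CN mismatch"; return 1; }

    # 4. The key is unencrypted (-nodes), so group/other must have no access.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] \
        || { echo "$domain: key accessible to group/other"; return 1; }

    echo "$domain: OK"
}

# Usage: bash check.sh www.domain.com some.subdomain.com www.domain2.com
if [ "$#" -gt 0 ]; then
    rc=0
    for d in "$@"; do check_pair "$d" || rc=1; done
    exit "$rc"
fi
```

Run it from the directory that holds the generated files; a non-zero exit status means at least one pair needs to be regenerated or have its permissions tightened.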
Quick tip
If you get an error like “unable to write 'random state'”, the reason is that the .rnd file in your home directory is owned by root rather than by your account.
Delete generated files and do the quick fix:
sudo rm ~/.rnd
Then rerun the script.