CSR ( Certificate Signing Request ) is the first step towards obtaining SSL certificate to your web site.
Once you created your CSR, then you have to keep your private key securely in your side.
Then order the SSL certificate by submitting your CSR file to the preferred Certificate Authority.
Certificate Authority will process your request and release SSL certificate accordingly.
Step 1. Login to the server terminal and run bellow command, Replace mysitename with your site name
openssl req -new -newkey rsa:2048 -nodes -keyout <mysitename>.key -out <mysitename>.csr
Enter relevant information for below queries
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Note : Domain can be a single domain ( mysitename.com ), wildcard domains ( *.mysitename.com), multiple domain ( abc.mysitename.com ).
Cost of generating certificates may be changed according to domain name you provided.
It will generate two files.
Certificate signing request file : <mysitename>.csr
Your private key file : <mysitename>.key ( Do not share private key file with any party )
Step 2 : Validate the generated <mysitename>.csr file via online
Step 3 : Submit the CSR to the selected Certificate Authority
Examples : DigiCert SSL.
Symantec SSL.
RapidSSL.
GeoTrust SSL.
Thawte SSL.
Step 4 : Login to the Certificate Authority's portal and browse your order number. Download the certificate
Step 5 : Install your certificate in to the keystore file. Replace <mysitename> with your domain name
keytool -import -alias <mysitename> -file <certificate file name> -keystore <mysitename>.jks
Step 6: Configure the Keystore file in your server.
For tomcat : Updated connector block <Path to tomcat server>/conf/server.xml
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="100"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true" clientAuth="false"
sslProtocol="TLS" keyAlias="server"
keystoreFile="<path to keystore file>.jks"
keystorePass="<keystore password>" />
For Apache : Update VirtualHost block in <path to apache server>/sites-available/<mysitename>.conf
<VirtualHost <my site ip>:443>
DocumentRoot /var/www/html2
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile <path to certificate>.crt
SSLCertificateKeyFile <path to private key>.key
SSLCertificateChainFile <path to certificate chain>.crt
</VirtualHost>
Step 7 : Restart your server
Step 8 : Make sure public internet routing configured to your server via security layer
Note : If you route your traffic via load balancer, you have to install certificate to your load balancer.
Step 9 : Browse your web site using HTTPS protocol.
Step 10 : Troubleshoot any issues using server access logs
