Generate CSR for SSL certificates FAST

If you’re planning to enable SSL on a bunch of sites that you own, you can save time by creating the CSRs for all of the domains in one go.

What is a CSR? It is a Certificate Signing Request. When you generate a CSR for a domain, you actually create two files: the CSR itself and a private key.

The CSR is passed to the company that issues SSL certificates. The private key should be placed on the server together with the SSL certificate file that you will receive from the certificate issuer.

Generate CSR on the command line

You can generate the CSR (and private key) either on your local machine or right on the server where you will be installing the SSL certificates. It is easiest to do on the server, because the server likely has OpenSSL already installed (it is required for generating the CSR and private key).

Follow your operating system's conventions for where to place private keys and CSR files. On CentOS and other Red Hat based distributions, navigate to /etc/pki/tls/private. This directory exists for storing private key files.

Here’s a simple Bash script that creates private keys and CSRs for many domains at once:

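#!/bin/bash
# Create a 2048-bit RSA private key and a CSR for every listed domain.

# Files created below are readable by their owner only, so the private keys are not world-readable.
umask 077

declare -a domains=("www.domain.com" "some.subdomain.com" "www.domain2.com")

for DOMAIN in "${domains[@]}"; do
  # -nodes writes the private key without a passphrase, so the web server can load it unattended.
  openssl req -nodes -newkey rsa:2048 -keyout "${DOMAIN}.key" -out "${DOMAIN}.csr" -subj "/C=US/ST=Florida/L=Some City/O=GetPageSpeed/OU=/CN=${DOMAIN}"
done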

Obviously, replace US with your country code, Florida with the full name of your state or province, Some City with your city name, and GetPageSpeed with your company name.

Run the script with bash script.sh
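
Before sending the CSRs to the issuer, it is worth checking that each pair produced by the batch run is consistent. The script below is an added example, not part of the original article; the function names and the check-csr.sh file name are this example's own, and it assumes the <domain>.key / <domain>.csr naming used above.

```bash
#!/bin/bash
# Added example: sanity-check the <domain>.key / <domain>.csr pairs
# produced by the batch script. Function names are this example's own.

# Digest of the public key embedded in a CSR.
csr_pubkey_digest() { openssl req -in "$1" -noout -pubkey | openssl sha256; }

# Digest of the public key derived from a private key file.
key_pubkey_digest() { openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256; }

# Return 0 only if the files for domain $1 are consistent and the key is private.
check_pair() {
  local domain="$1" key="$1.key" csr="$1.csr" subject
  if [ ! -f "$key" ] || [ ! -f "$csr" ]; then
    echo "$domain: key or CSR file missing" >&2; return 1
  fi
  # 1. The CSR's self-signature must verify (catches truncated or edited files).
  #    The "verify OK" message is matched instead of relying on the exit status.
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" \
    || { echo "$domain: CSR self-signature does not verify" >&2; return 1; }
  # 2. The CSR must carry the public key that belongs to this private key.
  [ "$(csr_pubkey_digest "$csr")" = "$(key_pubkey_digest "$key")" ] \
    || { echo "$domain: private key does not match CSR" >&2; return 1; }
  # 3. The CN must be the domain the files are named after.
  subject=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253)
  case "$subject," in
    *"CN=${domain},"*) ;;
    *) echo "$domain: CN in CSR is not $domain" >&2; return 1 ;;
  esac
  # 4. Group and others must have no access to the private key file.
  [ "$(ls -l "$key" | cut -c5-10)" = "------" ] \
    || { echo "$domain: $key is accessible to group or others" >&2; return 1; }
}

# Check every domain given as an argument; non-zero status if any pair fails.
check_all() {
  local domain status=0
  for domain in "$@"; do
    if check_pair "$domain"; then echo "$domain: OK"; else status=1; fi
  done
  return "$status"
}

# Usage: bash check-csr.sh www.domain.com some.subdomain.com www.domain2.com
[ "$#" -eq 0 ] || check_all "$@"
```

Run it from the directory that holds the generated files, passing the same domain names that are listed in the generation script.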

Quick tip

If you get an error like “unable to write 'random state'”, the reason is that the .rnd file in your home directory is owned by root rather than by your account.

Delete generated files and do the quick fix:

sudo rm ~/.rnd

Then rerun the script.
