This post is going to cover the process of creating a certificate signing request in a few simple ways, and why you might want to.
If you have a blog or website, you’ll want to have any data protected from prying eyes by encrypting the contents with Transport Layer Security (TLS). To achieve that you’ll need an SSL certificate. SSL refers to the Secure Sockets Layer, the original security protocol developed by Netscape, which has since been replaced by TLS.
A good reason for wanting to encrypt data is that Google will
You can use SSL certificates for a whole host of things apart from securing websites, such as validating the endpoints of VPN (Virtual Private Network) tunnels and encrypting email traffic.
Use case for generating a Certificate Signing Request
When you create a website it needs to be hosted with a service provider unless you choose to host it on your own servers. Either way, you’ll need an SSL certificate. Some providers make the process easier than others. The graphic below from Fasthosts shows the requirements needed to obtain a certificate.
Note the last point “Generate a Certificate Signing request”.
1; So, given that you need to go through the process of generating a CSR, what information is required for a properly formatted request? We can inspect any certificate from any website by clicking the padlock icon in the browser navigation bar.
In the above image, we can see the certificate is “valid” so we know it matches the website address, it is within date, and it is signed by an authority that our browser trusts.
2; After clicking the Certificate icon in the pop-up we get the Certificate window shown above. We can select and see various things such as the Subject, Subject Alternative Names, and the Certificate Path. You probably don’t need to worry about the Subject Alternative Names if you’re only securing a single domain name, because most certificates will include both www.yoursite.com and yoursite.com.
As you can see, the subject contains the fields CN (Common Name), O (Organization), OU (Organizational Unit), L (Locale or City), S (State or Province) and C (Country Name). Some certificates have more fields, but even those above aren’t all required.
The CN is the critical one and it must match the URL (Uniform Resource Locator) of the website, so if the website it is to be used for is techiedoodah.com, then the CN has to be techiedoodah.com.
The only other field you’ll need to worry about is the Subject Alternative Name. You might want to include techiedoodah.com and www.techiedoodah.com (replace techiedoodah.com with your website name).
Generating a Certificate Signing Request online
4; Simply fill in the fields and click on Generate CSR.
5; Copy and paste the certificate into a text editor like notepad and save it somewhere for safekeeping.
For advanced certificate manipulation, you can install a program called OpenSSL on your computer and use that to generate certificate signing requests. You can also change certificate formats and add or remove certificate passwords, but that’ll be for another blog post. If you have it installed, to create the same CSR as above you’d need to open a command prompt and type in:
openssl req -out techiedoodah.csr -new -newkey rsa:2048 -nodes -keyout techiedoodah.key
6; The OpenSSL program will prompt for input to the various fields until the CSR is complete.
In both of the above cases, generating the certificate request also provides a private key. The private key is important and needs to be installed on the same server as the certificate when the certificate is returned from the vendor.
7; You can determine if the CSR is valid by using an online CSR checker such as at SSLShopper https://www.sslshopper.com/csr-decoder.html
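The OpenSSL route above can also be run without prompts and checked on your own machine. This is an added example, not from the original post: it sets the CN and both Subject Alternative Names on the command line, then confirms the CSR's signature, its names, and that it matches the private key on disk. The helper names make_csr and check_csr are made up for this example, and the -addext option assumes OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). make_csr and check_csr are
# hypothetical helper names; -addext requires OpenSSL 1.1.1 or later.

# make_csr DOMAIN DIR: write DIR/DOMAIN.key and DIR/DOMAIN.csr without prompts.
make_csr() {
  local domain="$1" dir="$2"
  (
    umask 077   # the private key file is readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$dir/$domain.key" -out "$dir/$domain.csr" \
      -subj "/CN=$domain" \
      -addext "subjectAltName=DNS:$domain,DNS:www.$domain" 2>/dev/null
  )
}

# check_csr CSR KEY DOMAIN: return 0 only if every check passes.
check_csr() {
  local csr="$1" key="$2" domain="$3" text want csr_pub key_pub
  # 1. The CSR is signed by the key it carries (proof of possession).
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" \
    || { echo "signature check failed"; return 1; }
  # 2. The subject and both SAN entries name the intended site.
  text=$(openssl req -in "$csr" -noout -text) || return 1
  for want in "CN *= *$domain" "DNS:$domain" "DNS:www.$domain"; do
    echo "$text" | grep -Eq "$want" || { echo "missing: $want"; return 1; }
  done
  # 3. The CSR's public key is the one derived from the private key on disk.
  csr_pub=$(openssl req -in "$csr" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout) || return 1
  [ "$csr_pub" = "$key_pub" ] || { echo "key does not match CSR"; return 1; }
  echo "CSR OK"
}

# Usage:
#   make_csr techiedoodah.com .
#   check_csr techiedoodah.com.csr techiedoodah.com.key techiedoodah.com
```

Only the .csr file goes to the certificate vendor; the .key file stays on the server that will use the certificate.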
8; If OpenSSL is a bit complex, and you’re not happy with generating a CSR online, there is an app for Android called d/cert which can generate the CSR and private key for you.
9; Click on the red circle with the plus, and then choose to add a new private/public key pair.
10; Add a name for the key
11; Add the details and then click ok.
12; Finally, select “Create CSR” from the private key. The application will create the CSR and you can click the button to export the CSR.
You can export the private and public keys in a similar fashion and save them or email them to wherever they’ll be required.
Once the certificate is returned to you, you can install it by following the instructions from your hosting provider. Once it’s installed you should see a padlock in the browser bar.
Testing your HTTPS site
13; Browse to the ssllabs website and click on “Test your server”.
14; Put in the site details on the next page and click the “Submit” button.
15; Go and have a coffee. When you get back the scan should have completed and your results should be in.
To cut a long story short, the summary
SSL provides a protocol to encrypt digital traffic being sent across the Internet. If you have a web site you’ll want to take advantage of encry
To get a certificate from a provider, it’s likely that you’ll need to generate a certificate signing request. The CSR can be generated online, by using an open-source program called OpenSSL or even by using apps available in the Google Play Store.
Once the CSR has been created, you can check it using online certificate decoders to make sure there are no problems with it and that it will be accepted by the major vendors.
Once the certificate is installed you can run a test against the website using ssllabs testing tools to provide a scan report.