If you're unsure about creating certificates, consider using Aptible's Managed TLS feature.
The CSR is a file containing information about a SSL / TLS certificate you'd like a CA (Certification Authority) to issue.
You can generate a new CSR using OpenSSL's,
openssl req command:
openssl req -newkey rsa:2048 -nodes \ -keyout "$DOMAIN.key" -out "$DOMAIN.csr"
Store the private key (the
$DOMAIN.key file) and CSR (the
$DOMAIN.csr file) in a secure location, then request a certificate from the CA of your choice.
Once your CSR is approved, if the CA asks what certificate format you prefer, request an "NGiNX / other" format.
If you are unsure which certificates, private keys, and CSRs match each other, you can compare the hashes of the modulus of each:
openssl x509 -noout -modulus -in certificate.crt | openssl md5 openssl rsa -noout -modulus -in "$DOMAIN.key" | openssl md5 openssl req -noout -modulus -in "$DOMAIN.csr" | openssl md5
If the hashes are identical, that means the files match.
You can reuse a private key and CSR when renewing an SSL / TLS certificate, but from a security perspective, it's often a better idea to generate a new key and CSR when renewing.
Updated 11 months ago