< > ~ ! @ # $ % ^ * / ( ) ? . , &
Field | Explanation | Example |
---|---|---|
Common Name | The fully qualified domain name to which the certificate applies. The domain names example.com and www.example.com are distinct from each other, so be sure to submit your request for the right domain. If you are purchasing a wildcard certificate, use *.example.com. | example.com |
Organization Name | The exact legal name of your organization. The Certificate Authority (CA) might seek to confirm that your organization is real and legally registered, so don’t abbreviate words that aren’t abbreviated in the organization’s legal name. | Example Inc. |
Organizational Unit | The branch of your organization that is making the request. | Marketing |
City/locality | The city where your organization is legally located. Do not abbreviate the city name. | San Antonio |
State/province | The state or province where your organization is legally located. Do not abbreviate the state or province name. | Texas |
Country/region | The two-letter International Standards Organization (ISO) abbreviation for your country. | US |
Field | Explanation | Example |
---|---|---|
Common Name | The fully qualified domain name to which the certificate applies. The domain names example.com and www.example.com are distinct from each other, so be sure to submit your request for the right domain. If you are purchasing a wildcard certificate, use *.example.com. | example.com |
Organization Name | The exact legal name of your organization. The CA might seek to confirm that your organization is real and legally registered, so don’t abbreviate words that aren’t abbreviated in the organization’s legal name. | Example Inc. |
Organizational Unit | The branch of your organization that is making the request. | Marketing |
City/locality | The city where your organization is legally located. Do not abbreviate the city name. | San Antonio |
State/province | The state or province where your organization is legally located. Do not abbreviate the state or province name. | Texas |
Country/region | The two-letter ISO abbreviation for your country. | US |
Field | Explanation | Example |
---|---|---|
Domain Name | The fully qualified domain name to which the certificate applies. The domain names example.com and www.example.com are distinct from each other, so be sure to submit your request for the right domain. If you want to secure both domains, you can use the Alt Names field. If you are purchasing a wildcard certificate, use *.example.com. | example.com |
Alt Names | (Optional) Additional domains that you want to add to the request. Each CA treats these differently, and the CA might charge for additional names. You can submit a comma-separated list. | www.example.com, secure.example.com |
Email Address | (Optional) A contact email address for the certificate. | [email protected] |
Organization Name | The exact legal name of your organization. The CA might seek to confirm that your organization is real and legally registered, so don’t abbreviate words that aren’t abbreviated in the organization’s legal name. | Example Inc. |
Organizational Unit | (Optional) The branch of your organization that is making the request. | Marketing |
City | The city where your organization is legally located. Do not abbreviate the city name. | San Antonio |
State or Province | The state or province where your organization is legally located. Do not abbreviate the state or province name. | Texas |
Country | Choose your country from the drop-down menu. The two-letter ISO abbreviation for your country is included in the CSR. | United States |
Private Key Bit Length | Key sizes smaller than 2048 are considered insecure and might not be accepted by a CA. | 1024,2048,4096 |
Hashing Algorithm | Both algorithms are currently trusted in mainstream browsers and offer industry recommended security. SHA-512 requires additional CPU processing. | SHA-256, SHA-512 |
< > ~ ! @ # $ % ^ * / ( ) ? . , &
Field | Explanation | Example |
---|---|---|
Device(s) | The server or servers for which you want to generate a CSR. Use the drop-down menu to select your servers. | |
Common Name | The fully qualified domain name to which the certificate applies. The domain names example.com and www.example.com are distinct from each other, so be sure to submit your request for the right domain. If you want to secure both domains, you can use the Alt Names field. If you are purchasing a wildcard certificate, use *.example.com. | example.com |
Alt. Names | (Optional) Additional domains that you want to add to the request. Each CA treats these differently, and the CA might charge for additional names. You can submit a comma-separated list. | www.example.com, secure.example.com |
Email Address | (Optional) A contact email address for the certificate. | [email protected] |
Organization | The exact legal name of your organization. The CA might seek to confirm that your organization is real and legally registered, so don’t abbreviate words that aren’t abbreviated in the organization’s legal name. | Example Inc. |
Organizational Unit | (Optional) The branch of your organization that is making the request. | Marketing |
Locality (City) | The city where your organization is legally located. Do not abbreviate the city name. | San Antonio |
State or Province Name | The state or province where your organization is legally located. Do not abbreviate the state or province name. | Texas |
Country | Choose your country from the drop-down menu. The two-letter ISO abbreviation for your country is included in the CSR. | United States |
Updated by LinodeWritten by Linode
root
user and change to the directory in which you want to create the certificate and key pair. That location will vary depending on your needs. Here we’ll use /root/certs
:man openssl
in your terminal.-newkey rsa:4096
: Create a 4096 bit RSA key for use with the certificate. RSA 2048
is the default on more recent versions of OpenSSL but to be sure of the key size, you should specify it during creation.-x509
: Create a self-signed certificate.-sha256
: Generate the certificate request using 265-bit SHA (Secure Hash Algorithm).-days
: Determines the length of time in days that the certificate is being issued for. For a self-signed certificate, this value can be increased as necessary.-nodes
: Create a certificate that does not require a passphrase. If this option is excluded, you will be required to enter the passphrase in the console each time the application using it is restarted.root
can access it: