This document provides instructions for generating a Certificate Signing Request (CSR) for Nginx Server. If this document can not be used with the server, RapidSSL recommends contacting a company that supports Nginx.
NOTE: To generate a CSR, you will need to create a key pair for your server. If the private key file or pass phrase is lost a new private key & CSR will need to be generated and the certificate reissued using the new CSR.
To generate a CSR on Nginx, please do the following:
- Login to your server via your terminal client (ssh). The first step will be generating the private key. At the prompt, type:
openssl genrsa -out [private-key-file.key] 2048
- Once the private key has been generated, run the command below to generate the CSR.
openssl req -new -key [private-key-file.key] -out [CSR-file.txt]
- Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
- State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: Oregon.
- Locality or City (L): The Locality field is the city or town name, for example: Eugene.
- Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corportation or XY and Z Corportation.
- Organizational Unit (OU): This field is the name of the department or organization unit making the request.
- Common Name (CN): The Common Name is the Host + Domain Name. For example www.bbtest.net or secure.bbtest.net
- Optional Fields: When promted, please do not enter your email address, challenge password or an optional company name when generating the CSR. Pressing Enter/Return will leave these fields blank.
- Your CSR file will then be created.
- Proceed to Enrollment and paste the CSR in the enrollment form when required.
Once the certificate has been issued, refer to this link for installation instructions.