Generate SHA 2 RSA Key and CSR

Generate SHA 2 RSA Key and CSR

To generate a SHA 2 RSA Key and CSR from the command line, use the following on the web server:

Linux:

Change directory to a folder of your choice, on shared machines, use the domain's web root(/hsphere/local/home/user/domain) for easy retrieval:
  • Hsphere
    cd /hsphere/local/home/user/domain/
  • cPanel
    cd /home/user/public_html
Once in the directory you wish to save the files, issue the following command taking note of the configurable fields(italicized):

openssl req -new -newkey rsa:2048 -nodes -sha256 -out www.mydomain.com.sha256.csr -keyout www.mydomain.com.key -subj "/C=xx/ST=xx/L=xx/O=xx/CN=www.mydomain.com"

In the above command, you will need to change/add the following:
  • www.mydomain.com - This needs to be for the domain the client wants protected(pay close attention to the third level domain(www.))
    Also note that there are three(3) areas where you will want to add the domain
  • /C=xx - Where xx is the Country Code (US, CA, FR, etc)
  • /ST=xx - Where xx is the state/province (TX, OR, BC, etc)
  • /L=xx - Where xx is the Location(city) (Dallas, Toronto, Paris, etc)
  • /O=xx - Where xx is the Organization (This isn't necessary but pay attention, some clients will specify). If there is no Organization specified, leave the O= and remove the xx's
  • /CN=www.mydomain.com - Where www.mydomain.com is Common Name(actual URL protected, again pay attention to the third level domain(www.))
This command will generate both the key and CSR. When the command completes, you can simply cat the files; www.mydomain.com.key and www.mydomain.com.sha256.csr.

Verify the CSR is SHA2 with any tool you prefer, this is a good one.

Windows:

This will be added at a later time.

    • Related Articles

    • HSphere - How to generate a CSR (Certificate Signing Request)

      To generate a CSR (Certificate Signing Request), please do the following in the control panel: 1) Login to the control panel for the domain that you need the CSR for 2) Go to Domain Settings --> Web options (if you have multiple domains in this ...

    • SHA1 to SHA2 Migration Guide

      ***Guide pending verification*** With windows ssl reissues sha1 -> sha2   If you are here, then most likely you have a site on a server that is producing a red strike on https when using google chrome. Mostly likely, this is due to:   !!!The ...

    • How to Set up SSH Keys

      About SSH Keys SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute ...

    • Securing SSL on Windows 2008 R2

      To secure SSL on windows 2008 R2 please do the following: 1. Create an empty reg file. 2. Copy the following content into it: ======================================================================================== Windows Registry Editor Version ...

    • Wildcard SSL

      Wildcard Certificates use Subject Alternative Names (SANs) to secure a domain and all of its first-level subdomains. For example, a certificate for *.example.com secures www.example.com, mail.example.com, blog.example.com etc. A standard SSL ...