Generate CSR for Amazon Web Services (AWS)

Generating a certificate signing request (CSR) file for Amazon Web Services (AWS) HTTPS load balancers requires the use of Apache OpenSSL to do so. Amazon Web Services (AWS) includes more than 90 services, which are used to build sophisticated applications for providing efficient Cloud Computing, Storage, Database, Migration, Network & Content Delivery solutions.

Security on a cloud server is essential to stop eavesdrop or data thief. Therefore, in this article, We would like to know how to generate CSR for Amazon Web Services (AWS) for ordering your SSL certificate. Learn more about different types of SSL certificates used to protect online communication between server and browser.

Essentially, A Certificate Signing Request (CSR) is a file containing your SSL certificate application information along with the private key. Generated AWS CSR file will be sent to issuing Certificate Authority (CA) through an online enrollment form. Finally, CA validates the certificate request depending on the information provided in the CSR file and issue the SSL Certificate.

Generate CSR for Amazon Web Services (AWS)

You will require OpenSSL command-line tool to generate a pair of the private key and CSR for Amazon Web Services (AWS) and an SSL Certificate can be uploaded through AWS CLI (Command Line Interface).

Step 1: Generate the Private Key

Enter the following command to generate private key and CSR for webserver “AWS”

openssl req –new –newkey rsa:2048 –nodes –keyout awsserver.key –out awsserver.csr

Note: This is a awsserver.key file that will be stored locally on the server machine and it used as input in the command to generate a CSR.

Step 2: Generate the CSR

Once you enter the above command, you will now be asked to enter the following information into your CSR amazon.

Country name : US (e.g., Type two-letter code US = United States)
State of Province Name: California (e.g.,full name of state)
Locality Name: Los Angeles (e.g., It means City name)
Organization Name: Company LLC (e.g., full legal name of your company)
Note: For domain validation, the “Organization Name” field is not compulsory, it can be replaced with N.A
Organizational Unit: Sales (e.g., it means certificate request has been made in which section of business like Sales, Marketing etc..)
Note: For domain validation, this field is not compulsory can be replaced with N.A.
Common Name: www.example.com (e.g., mention Fully Qualified Domain Name (FQDN) that you need to secure.
Note: If you generating CSR for Wildcard SSL certificate the common name should begin with asterisk (*) (e.g., *.example.com or *.sub.example.com).
Email address: (e.g. Enter the email address associated with a domain name such as admin@example.com
A challenge password:
An optional company name:

Email address, challenge password, and option company name fields are optional and they can be left blank for a web server.

Now, awsserver.csr file has been created, and you need to copy and past CSR in a plain text editor of Windows (ex. Notepad) including the BEGIN and END tags, Which you need later during the enrollment process. The next step is to learn how to install SSL Certificate on Amazon Web Services.

Related Posts: