Essentially, a Certificate Signing Request (CSR) is a file containing your SSL certificate application information; it is generated along with a private key. The generated CSR file is sent to the issuing Certificate Authority (CA) through an online enrollment form. The CA then validates the certificate request based on the information provided in the CSR file and issues the SSL certificate.
Amazon Web Services (AWS) includes more than 90 services, which are used to build sophisticated applications providing efficient cloud computing, storage, database, migration, and network and content delivery solutions. Security on a cloud server is essential to stop eavesdropping and data theft. This article therefore shows how to generate a CSR for Amazon Web Services (AWS) when ordering your SSL certificate. Learn more about different types of SSL certificates used to protect online communication between server and browser.
You will need the OpenSSL command-line tool to generate the private key and CSR pair for Amazon Web Services (AWS); the SSL certificate can then be uploaded through the AWS CLI (Command Line Interface).
Enter the following command to generate the private key and CSR for the web server “AWS”:
openssl req -new -newkey rsa:2048 -nodes -keyout awsserver.key -out awsserver.csr
Note: The awsserver.key file is stored locally on the server machine and is used as input in the command to generate the CSR.
Once you enter the above command, you will be asked to enter the following information for your CSR.
- Country Name: US (e.g., the two-letter code, US = United States)
- State or Province Name: California (e.g., full name of the state)
- Locality Name: Los Angeles (e.g., the city name)
- Organization Name: Company LLC (e.g., full legal name of your company)
Note: For domain validation, the “Organization Name” field is not compulsory; it can be replaced with N.A.
- Organizational Unit: Sales (e.g., the section of the business making the certificate request, such as Sales, Marketing, etc.)
Note: For domain validation, this field is not compulsory and can be replaced with N.A.
- Common Name: www.example.com (e.g., the Fully Qualified Domain Name (FQDN) that you need to secure)
Note: If you are generating a CSR for a Wildcard SSL certificate, the common name should begin with an asterisk (*) (e.g., *.example.com or *.sub.example.com).
- Email address: (e.g., the email address associated with the domain name, such as firstname.lastname@example.org)
- A challenge password:
- An optional company name:
The email address, challenge password and optional company name fields are optional and can be left blank for a web server.
The awsserver.csr file has now been created. Copy the CSR, including the BEGIN and END tags, and paste it into a plain text editor on Windows (e.g., Notepad); you will need it later during the enrollment process. The next step is to learn how to install the SSL Certificate on Amazon Web Services.
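Before pasting the CSR into the enrollment form, it is worth confirming that it verifies, matches the private key and contains no key material. The script below is an added example, not part of the original article; it reuses the article's command and sample field values, answers the prompts with -subj, and its function names and script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article). Subject values are the
# sample answers from the field list above; function names are hypothetical.
SUBJ='/C=US/ST=California/L=Los Angeles/O=Company LLC/OU=Sales/CN=www.example.com'

# make_csr KEYFILE CSRFILE
# Same openssl command as above, with the prompts answered through -subj.
make_csr() {
    (
        umask 077   # the private key must be readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$1" -out "$2" -subj "$SUBJ" 2>/dev/null
    )
}

# check_csr KEYFILE CSRFILE EXPECTED_CN
# Prints "ok" and returns 0 only if all checks pass.
check_csr() {
    key=$1; csr=$2; cn=$3
    # 1. The file to paste is a certificate request and holds no private key.
    grep -q 'BEGIN CERTIFICATE REQUEST' "$csr" || { echo "not a CSR"; return 1; }
    if grep -q 'PRIVATE KEY' "$csr"; then echo "private key in CSR file"; return 1; fi
    # 2. The CSR's self-signature verifies (message text differs by version).
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "bad signature"; return 1; }
    # 3. The public key in the CSR belongs to this private key.
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    from_csr=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    [ -n "$from_key" ] && [ "$from_key" = "$from_csr" ] ||
        { echo "key mismatch"; return 1; }
    # 4. The expected FQDN appears in the CSR subject.
    openssl req -in "$csr" -noout -subject 2>/dev/null |
        grep -Fq "$cn" || { echo "unexpected subject"; return 1; }
    echo ok
}

# Run as: sh csr_check.sh run   (script name is hypothetical)
if [ "${1:-}" = run ]; then
    make_csr awsserver.key awsserver.csr &&
        check_csr awsserver.key awsserver.csr www.example.com
fi
```

Only awsserver.csr goes to the CA; a "key mismatch" result means the CSR was generated from a different key than the one kept on the server.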