NGINX: Generate CSRs (Certificate Signing Requests)

Before you can request your SSL, you must generate a Certificate Signing Request (CSR) From your server. When you have completed generating your CSR, cut/copy and paste it into the CSR field on the SSL certificate-request page.

To Generate NGINX CSRs

1. Connect to your server via SSH (more info).
2. Run the following command:
   openssl req -new -newkey rsa:2048 -nodes -keyout your domain name.key -out your domain name.csr

   Replace your domain name with the domain name you're securing. For example, if your domain name is coolexample.com, you would type coolexample.key and coolexample.csr.

3. Enter the requested information:

   Field	What to enter...
   Common Name	The fully-qualified domain name, or URL, you want to secure. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
   Organization	The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
   Organization Unit	If applicable, enter the DBA (Doing Business As) name.
   City or Locality	Name of the city where your organization is registered/located. Do not abbreviate.
   State or Province	Name of the state or province where your organization is located. Do not abbreviate.
   Country	The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
   Passphrase	(Optional): A password for the SSL. If you leave this field blank, there is no password for the SSL, which can expose you to additional risks.

4. Open the CSR in a text editor and copy all of the text.
5. Paste the full CSR into the SSL request area in your account.