How to generate CSR for SSL that works with Nginx & Apache?

Question

I want to generate the CSR file for requesting SSL (wildcard) certificate. This certificate and private key will be used on multiple machines with both Apache and Nginx.

RapitSSL states the following commands for the different setups:

• Nginx

  $ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

• Apache Mod SSL

  $ openssl genrsa -des3 -out <private key file name>.key 2048

• Apache-SSL

  $ openssl genrsa -des3 -out www.yourdomain-example.com.key 2048

Is there a way to generate a CSR that works with both Apache and Nginx?

Answer 1

• Apache Mod SSL

  $ openssl genrsa -des3 -out < private key file name>.key 2048

• Apache-SSL

  $ openssl genrsa -des3 -out www.yourdomain-example.com.key 2048

These two are obviously the exact same command, with a different way of writing the example name. They just generate the key pair, you'd need an additional req command to generate a CSR too.

genrsa generates a key pair, and req generates a CSR. However, req can perform both operations at once when using -newkey.

See OpenSSL req example documentation:

Create a private key and then generate a certificate request from it:

openssl genrsa -out key.pem 1024    
openssl req -new -key key.pem -out req.pem

The same but just using req:

openssl req -newkey rsa:1024 -keyout key.pem -out req.pem

Answer 2

How to generate CSR for SSL that works with Nginx & Apache ...
Is there a way to generate a CSR that works with both Apache and Nginx?

A quick answer to the questions to clarify things... Nginx and Apache don't consume CSRs. They use certificates and private keys.

Perhaps you meant to say something about a self-signed certificate? If so, add the -x509 option to the openssl req command. That creates a self signed certificate rather than a signing request.

There's a lot more to self-signed certificates (and server certificates in general). See, for example, How to create a self-signed certificate with openssl?