1. Home
  2. Misc
  3. Creating a new Key and CSR for SSL

Creating a new Key and CSR for SSL

Snapt Aria uses standard SSL certificates (CRT and Key) for its SSL termination and you can use your preferred method of generating keys and certificates for Snapt Aria.

The SSL accelerator uses a key and crt pair while our load balancer uses both files combined into a single PEM formatted file.

For any users who are uncertain, we have detailed the basic steps in this article, but if you already have a key and CSR and would like to create an SSL certificate with it, then please follow this guide – Creating a PEM file.

What is a Key, CSR and CRT?

A key, which is also referred to as a private key, is needed as the first entry in your PEM file, but should not be sent out. A key is generated when you generate your CSR, and once you have one then you can use it to generate further CSRs.

A CSR is a certificate signing request, which is what you send to your CA (Certificate Authority) to sign. Your CA then returns a CRT which is actually the usable certificate for your site. Self-signed certificates are when you sign your own CSR and generate a CRT.

Making a fresh Key and CSR

If you are starting from scratch you can generate a .key and .csr for sending to your CA by running the command below. By substituting the hostname as the filenames it will make it easier to manage multiple SSL keys, CSR and CRT files.

openssl req -out hostname.csr -new -newkey rsa:2048 -nodes -keyout hostname.key

Now you have the hostname.csr file which you can provide to your Certificate Authority of choice, and the hostname.key file which you will combine with the CRT from them to make a PEM.


Updated on April 9, 2020

Was this article helpful?

Related Articles