Generating a CSR Locally with OpenSSL

A CSR or Certificate Signing Request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. This article will walk you through generating a CSR on your server using OpenSSL.

OpenSSL is the de-facto standard for key and CSR generation on a webserver environment.  These CSR’s can then be handed to a Certificate Authority to obtain a SSL certificate to facilitate secure traffic to and from your server.  OpenSSL is free, open source, and secure, so it is the recommended solution to create your CSR’s from.

Prerequisites

A Linux server

Generating a CSR

First log into your server, and navigate to the directory you would like to generate the CSR in.  Once there, run the following:

openssl req -new -newkey rsa:2048 -nodes -keyout .key -out .csr

Be sure to replace in the above command with the appropriate domain name of the site you are creating a CSR for.  If everything looks good hit enter.

OpenSSL will then prompt you for some information which it incorporates into the generated CSR.  Answer these prompts to the best of your ability.  A run-down of the prompts and the answers they are looking for is provided below:

Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:
Email Address []:
  • Country Name is the country the CSR is being generated for.  This is required to be a two letter country code as denoted by ISO-3166, which is the best place to look if you are unsure what your country code is.
  • State or Province Name is pretty self explanatory, but it is important to note that the full province name is required.  As an example, do not use IA or TX, instead use Iowa or Texas.
  • Locality Name is the city or township in which you reside.
  • Organization Name is usually the name of the owner of the site, such as a business or other organization.
  • Organizational Unit Name is an optional field and can be left blank.  It is meant to be used to denote what department or sub-unit within an organization owns the site.
  • Common Name is the domain name of the site to be secured by a certificate.
  • Email Address is also optional, and is meant to denote the webmaster email for the website.

Next, OpenSSL will prompt you for a pass-phrase.  This is optional, but is recommended for better security.  Be sure to choose a phrase that is either easy for you to remember, or can be noted and stored securely.

OpenSSL will then generate a key-file and a .csr inside the directory the command was run in.  It will also then exit without output to the terminal.  When you see the command prompt return, you know the process is complete.  Now simply ‘ls’ to find your file.

Next Steps

Now that you have a CSR generated, you will want to bring it to a Certificate Authority to request a SSL certificate.  Follow the guidelines and instructions of your chosen Certificate Authority to obtain a certificate.

Managing users on CentOS 8

When you initially set up your server, you will only have root access. For security purposes logging directly into your server as root should be disabled. Since root login will be disabled, in this article we will go over how to disable root access and creating new users so that you may access your server. 

 

Prerequisites:

  •  CentOS server
  •  Root access

 

First, you need to disable root login access. You want to disable this access to prevent any malicious actors from brute-forcing the password and thus gaining root access to your server. With root access, hackers will be able to do all kinds of nasty things that may run up the CPU usage, which will cost you a lot of money. 

 

Using the text editor of your choice edit  the /etc/passwd file set the root account shell to /sbin/nologin

 

Next, let’s add a user using the following command. 

sudo adduser username

 

Add a password for the user you created. 

passwd username

 

Delete a user using the following command. 

 

userdel username

 

When you create a new user on your server, that user will need to have root privileges granted to them. This will allow them to run commands with root permissions. 

sudo gpasswd -a username wheel

 

In this article, we went over how to create and delete users, how to grant users with root permissions, and disabling root login access on your server. 

Managing users on CentOS 7

When you initially set up your server, you will only have root access. For security purposes logging directly into your server as root should be disabled. Since root login will be disabled, in this article we will go over how to disable root access and creating new users so that you may access your server. 

 

Prerequisites:

  •  CentOS server
  •  Root access

 

First, you need to disable root login access. You want to disable this access to prevent any malicious actors from brute-forcing the password and thus gaining root access to your server. With root access, hackers will be able to do all kinds of nasty things that may run up the CPU usage, which will cost you a lot of money. 

 

Using the text editor of your choice edit  the /etc/passwd file set the root account shell to /sbin/nologin

 

Next, let’s add a user using the following command. 

sudo adduser username

 

Add a password for the user you created. 

passwd username

 

Delete the user using the following command. 

userdel username

 

When you create a new user on your server, that user will need to have root privileges granted to them. This will allow them to run commands with root permissions. 

sudo gpasswd -a username wheel

 

In this article, we went over how to create and delete users, how to grant users with root permissions, and disabling root login access on your server. 

Managing users on Fedora 31

When you initially set up your server, you will only have root access. For security purposes logging directly into your server as root should be disabled. Since root login will be disabled, in this article we will go over how to disable root access and creating new users so that you may access your server. 

 

Prerequisites:

  •  Fedora server
  •  Root access

 

First, you need to disable root login access. You want to disable this access to prevent any malicious actors from brute-forcing the password and thus gaining root access to your server. With root access, hackers will be able to do all kinds of nasty things that may run up the CPU usage, which will cost you a lot of money. Use the text editor of your choice to edit the file /etc/ssh/sshd_config. Update the following to match this line. 

PermitRootLogin no

 

Next, let’s add a new user. 

sudo adduser username

 

To delete a user the following line.

sudo deluser username

 

When adding a new user you will need to grant root privileges to the user, which will allow them to run commands with root permissions. 

sudo usermod -aG wheel username

 

To add or delete users to a group use the following line. 

sudo groupadd groupname
sudo groupdel groupname

 

We have gone over how to disable root login access, create and delete users, create and delete groups and adding users to said groups. 

Managing users on Fedora 30

When you initially set up your server, you will only have root access. For security purposes logging directly into your server as root should be disabled. Since root login will be disabled, in this article we will go over how to disable root access and creating new users so that you may access your server. 

 

Prerequisites:

  •  Fedora server
  •  Root access

 

First, you need to disable root login access. You want to disable this access to prevent any malicious actors from brute-forcing the password and thus gaining root access to your server. With root access, hackers will be able to do all kinds of nasty things that may run up the CPU usage, which will cost you a lot of money. Use the text editor of your choice to edit the file /etc/ssh/sshd_config. Update the following to match this line. 

PermitRootLogin no

 

Next, let’s add a new user. 

sudo adduser username

 

To delete a user the following line.

sudo deluser username

 

When adding a new user you will need to grant root privileges to the user, which will allow them to run commands with root permissions. 

sudo usermod -aG wheel username

 

To add or delete users to a group use the following line. 

sudo groupadd groupname

sudo groupdel groupname

 

We have gone over how to disable root login access, create and delete users, create and delete groups and adding users to said groups. 

Managing users on Fedora 29

When you initially set up your server, you will only have root access. For security purposes logging directly into your server as root should be disabled. Since root login will be disabled, in this article we will go over how to disable root access and creating new users so that you may access your server. 

 

Prerequisites:

  •  Fedora server
  •  Root access

 

First, you need to disable root login access. You want to disable this access to prevent any malicious actors from brute-forcing the password and thus gaining root access to your server. With root access, hackers will be able to do all kinds of nasty things that may run up the CPU usage, which will cost you a lot of money. Use the text editor of your choice to edit the file /etc/ssh/sshd_config. Update the following to match this line. 

PermitRootLogin no

 

Next, let’s add a new user. 

sudo adduser username

 

To delete a user the following line.

sudo deluser username

 

When adding a new user you will need to grant root privileges to the user, which will allow them to run commands with root permissions. 

sudo usermod -aG wheel username

 

To add or delete users to a group use the following line. 

sudo groupadd groupname

sudo groupdel groupname

 

We have gone over how to disable root login access, create and delete users, create and delete groups and adding users to said groups. 

Managing users on Debian 10

When you initially set up your server, you will only have root access. For security purposes logging directly into your server as root should be disabled. Since root login will be disabled, in this article we will go over how to disable root access and creating new users so that you may access your server. 

 

Prerequisites:

  •  Debian server
  •  Root access

 

First, you need to disable root login access. You want to disable this access to prevent any malicious actors from brute-forcing the password and thus gaining root access to your server. With root access, hackers will be able to do all kinds of nasty things that may run up the CPU usage, which will cost you a lot of money. Use the text editor of your choice to edit the file /etc/ssh/sshd_config. Update the following to match this line. 

PermitRootLogin no

 

Next, let’s add a new user. 

sudo adduser username

 

To delete a user the following line.

sudo deluser username

 

When adding a new user you will need to grant root privileges to the user, which will allow them to run commands with root permissions. 

sudo usermod -aG wheel username

 

To add or delete users to a group use the following line. 

sudo groupadd groupname

sudo groupdel groupname

 

We have gone over how to disable root login access, create and delete users, create and delete groups and adding users to said groups. 

Managing users on Debian 9

When you initially set up your server, you will only have root access. For security purposes logging directly into your server as root should be disabled. Since root login will be disabled, in this article we will go over how to disable root access and creating new users so that you may access your server. 

 

Prerequisites:

  •  Debian server
  •  Root access

 

First, you need to disable root login access. You want to disable this access to prevent any malicious actors from brute-forcing the password and thus gaining root access to your server. With root access, hackers will be able to do all kinds of nasty things that may run up the CPU usage, which will cost you a lot of money. Use the text editor of your choice to edit the file /etc/ssh/sshd_config. Update the following to match this line. 

PermitRootLogin no

 

Next, let’s add a new user. 

sudo adduser username

 

To delete a user the following line.

sudo deluser username

 

When adding a new user you will need to grant root privileges to the user, which will allow them to run commands with root permissions. 

sudo usermod -aG wheel username

 

To add or delete users to a group use the following line. 

sudo groupadd groupname

sudo groupdel groupname

 

We have gone over how to disable root login access, create and delete users, create and delete groups and adding users to said groups. 

Managing users on Ubuntu 20.04

When you initially set up your server, you will only have root access. For security purposes logging directly into your server as root should be disabled. Since root login will be disabled, in this article we will go over how to disable root access and creating new users so that you may access your server. 

 

Prerequisites:

  •  Ubuntu server
  •  Root access

 

First, you need to disable root login access. You want to disable this access to prevent any malicious actors from brute-forcing the password and thus gaining root access to your server. With root access, hackers will be able to do all kinds of nasty things that may run up the CPU usage, which will cost you a lot of money. 

sudo passwd -l root

 

Now that root login is disabled, when you want to log into the server you will do so as a user (that we will create next), then sudo up to the root user when you need root access. 

sudo adduser username

 

When you need to switch to the root user you can run the following command. 

sudo -i

 

Deleting users is done with the following command. 

sudo deluser username

Note: when you run this command you will also need to delete the home folder for that user

 

You can create a group by running this command. 

sudo addgroup groupname

 

To delete a group run the following command. 

sudo delgroup groupname

 

When you create a group and you want to add users to that group you can run this command. 

sudo adduser username groupname

 

We have gone over how to disable root login access, create and delete users, create and delete groups and adding users to said groups. 

Managing users on Ubuntu 19.04

When you initially set up your server, you will only have root access. For security purposes logging directly into your server as root should be disabled. Since root login will be disabled, in this article we will go over how to disable root access and creating new users so that you may access your server. 

 

Prerequisites:

  •  Ubuntu server
  •  Root access

 

First, you need to disable root login access. You want to disable this access to prevent any malicious actors from brute-forcing the password and thus gaining root access to your server. With root access, hackers will be able to do all kinds of nasty things that may run up the CPU usage, which will cost you a lot of money. 

sudo passwd -l root

 

Now that root login is disabled, when you want to log into the server you will do so as a user (that we will create next), then sudo up to the root user when you need root access. 

sudo adduser username

 

When you need to switch to the root user you can run the following command. 

sudo -i

 

Deleting users is done with the following command. 

sudo deluser username

Note: when you run this command you will also need to delete the home folder for that user

 

You can create a group by running this command. 

sudo addgroup groupname

 

To delete a group run the following command. 

sudo delgroup groupname

 

When you create a group and you want to add users to that group you can run this command. 

sudo adduser username groupname

 

We have gone over how to disable root login access, create and delete users, create and delete groups and adding users to said groups.