Certificate Signing Request

This is probably a silly question…. but if someone knows the answer, feel free to enlighten me. :D

Does a CSR have to be generated using the machine the SSL certificate is to be installed on?

Or, can a CSR be generated on a Linode and used to purchase an SSL cert, then the cert installed on a completely different server?

Any things I should know?

3 Replies

You can generate the CSR anywhere. All you need to do to move it is copy the files over (you'll need the cert and the private key). Remember though, certs are tied to the name of the server, so it will only work properly if the name it authenticates is on the server you move it to.

But other than that, they are portable. If you have access to a box with an X server, TinyCA is a handy little utility for generating CSRs and is much easier to use than the CL tools. You can even use it to easily administer your own CA for testing certs. :D

I use TinyCA to run my own CA because most of my services are just there for myself to use. I import my own root cert to all my machines and then everything just works and I don't have to pay.

–James

Wow nice, I'll have to look at TinyCA :)

Thanks!

You may also want to check out www.cacert.org - they are a legitimate free CA that is working towards inclusion in browsers and other software. They also have instructions on their site for generating a CSR with openssl.
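The replies above say a CSR can be generated anywhere as long as the private key and the cert travel together and the name matches. This is an added example, not part of the original thread, showing how to verify that with openssl after moving the files. It assumes two temp directories standing in for the two machines, the constructed name www.example.com, and a self-signed cert standing in for the one a CA would issue.

```bash
# Added example. Two temp directories stand in for the machine that creates the
# CSR and the server that finally hosts the cert; www.example.com is constructed.

# make_csr DIR NAME: create a private key and a CSR for NAME in DIR.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    chmod 600 "$1/server.key"   # the key is the secret; the CSR is public
}

# pubkey_digest KIND FILE: hash of the public key inside a key, csr or cert.
pubkey_digest() {
    local pem
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# key_matches KEYFILE KIND FILE: true only if FILE carries KEYFILE's public half.
key_matches() {
    local a b
    a=$(pubkey_digest key "$1") || return 1
    b=$(pubkey_digest "$2" "$3") || return 1
    [ "$a" = "$b" ]
}

# cert_names_host CERT HOST: true only if the cert is valid for HOST.
cert_names_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# demo: generate on "build", issue, move key + cert to "web", verify there.
demo() {
    local build web
    build=$(mktemp -d) && web=$(mktemp -d) || return 1
    make_csr "$build" www.example.com || return 1
    # Stand-in for the CA: self-sign the CSR so a cert exists to test with.
    openssl x509 -req -in "$build/server.csr" -signkey "$build/server.key" \
        -days 1 -out "$build/server.crt" 2>/dev/null || return 1
    cp -p "$build/server.key" "$build/server.crt" "$web/"
    key_matches "$web/server.key" cert "$web/server.crt" &&
        cert_names_host "$web/server.crt" www.example.com
}

demo && echo "key, cert and name all check out on the second machine"
```

Running `key_matches` against the CSR before submitting it, and against the issued cert before installing it, catches the case where the wrong key file was copied across.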
