Amazon Lightsail

Generating CSR in Amazon Lightsail

This guide outlines the steps required to generate a CSR for this server or platform.

To generate that CSR file, you need to do it on the machine (SSH into it).

1. Connect to your Amazon Lightsail instance using SSH.
2. Run the following command in the SSH browser to generate the CSR and Private key files.
   

   Note: Verify that you replace server with the name of your domain.

   openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

3. Complete the required fields in requested fields:

   

   Country Name: Specify the two-letter country code where your organization is registered. Example: US.
   State/Province: Provide the complete state or province name where your company is registered.
   Locality/City: Provide the full city or locality name where your company is registered.
   Company/Organization: Enter the full legal name of your company.
   Organizational Unit: Enter the department of your company such as IT, HR etc.
   Common Name: Enter the fully qualified domain name for which the SSL will be activated (www.yourdomain.com or yourdomain.com).

   Note: If you are generating an CSR for a Wildcard certificate, make sure your common name starts with an asterisk (e.g., *.example.com).

   • When asked for email address, leave it blank.
   • When asked for a passphrase (challenge password), leave it blank.
   • When asked for an Optional Company Name, leave it blank.
4. It will generate two files: server.key and server.csr.  Open the .csr file with a text editor. Copy the text, including the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags, and paste it into the SSL configuration page.

Note: Copy server.key this is the private key and should be saved on your end as it will be required for installation.