Creating an SSL Certificate

There are these steps that you need to follow:

  • Create a private key
  • Create CSR (Certificate Signing Request)
  • Submit the CSR to a Certificate Authority
  • Upload the Signed Certificate

Create a private key

openssl genrsa 2048 > private-key.pem

Create CSR (Certificate Signing Request)

openssl req -new -key private-key.pem -out csr.pem

The output will look similar to the following example:

You are about to be asked to enter information that will be incorporated 
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields there will be a default value.
If you enter '.', the field will be left blank.


The following table can help you create your certificate request.




Country Name

The two-letter ISO abbreviation for your country.

US = United States

State or Province

The name of the state or province where your organization is located. This name cannot be abbreviated.


Locality Name

The name of the city where your organization is located.


Organization Name

The full legal name of your organization. Do not abbreviate your organization name.

Example Corp.

Organizational Unit

Optional, for additional organization information.


Common Name

The fully qualified domain name for your CNAME. You will receive a certificate name check warning if this is not an exact match.

Email address

The server administrator's email address

Submit the CSR to a Certificate Authority

Here you will need to submit CSR to a certificate authority lik for (example)[]

Upload the Signed Certificate

Go to AWS console and in the load balancer->instance->listeners->change then upload/update it with the new certificate.

zip --password (password) files

This link may help on how to create an RSA.