Creating a new Key, CSR, CRT for SSL

Snapt uses standard SSL formats for it’s SSL termination and you can use your preferred method of generating keys and certificates with Snapt. For any users who are uncertain we’ve detailed the basic steps in this article.

If you’re more interested in how to take these and make a PEM please check that post.

What is a Key, CSR and CRT?

So firstly a key (also known as a private key) is private and you should never have to give it to anyone. It is needed as the first entry in your PEM file, but should not be sent out. A key is generated when you generate your CSR, and once you have one can be used to generate other CSRs.

A CSR is a certificate signing request. That’s what you send to your CA (Certificate Authority) to sign and then return as a CRT – the actual usable SSL certificate for your site. Self-signed certificates are when you sign your own CSR and generate a CRT.

Making a fresh Key and CSR

If you are starting from scratch you can generate a .key and .csr for sending to your CA by running the command below. By substituting the hostname in the filenames it will make it easier to manage multiple SSL keys, CSR files etc.

openssl req -out hostname.csr -new -newkey rsa:2048 -nodes -keyout hostname.key

Now you have the hosntame.csr file which you can provide to your Certificate Authority of choice, and the hostname.key file which you will combine with the CRT from them to make a PEM.

Did this answer your question?