How to generate a CSR using openssl?


A CSR (Certificate Signing Request) is encrypted text that an applicant sends to the CA, which validates it before issuing an SSL certificate.

CSR stands for Certificate Signing Request. It is an integral part of an SSL certificate: an encrypted text that an applicant sends to the Certificate Authority (CA) to validate the information for issuing the certificate.

The certificate you request will only work with the private key generated with the CSR. The public key used in the SSL certificate is also used to sign the CSR. After gathering the CSR data, the CA creates a certificate.

A CSR contains three parts: certificate information, a signature algorithm identifier, and a digital signature.

In this article, we will show you how to generate a CSR (Certificate Signing Request) using OpenSSL tools.

Step 1: Connect via Secure Shell (SSH) to your server’s terminal or get access to the terminal of any machine with OpenSSL installed on it.

Step 2: Create the private key and CSR files

Type the following command at the prompt:

openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

Don’t forget to replace example.com with your real domain name. For example, if your domain is anoma.com.np, type anoma.com.np.key and anoma.com.np.csr.

Step 3: Provide up-to-date details about your company to the CA

Include the following information in the CSR. Please use only alphanumeric characters when entering your details.

Content of CSR:

    • Country Name: enter the two-letter code of your country. If you have a Business Validation or Extended Validation certificate, make sure the country you submit is the official residence of your organization
    • State or Province Name: type the full name of the state or region where your company is registered
    • Locality Name: specify the name of the city or town where your business is located
    • Organization Name: enter the officially registered name of your company. For instance, GPI Holding LLC. For Domain Validation certificates, you can put in NA instead
    • Organization Unit Name: it’s usually IT or Web Administration. You can use NA for DV certificates
    • Common Name: specify the Fully Qualified Domain Name (FQDN) to which you want to assign your SSL certificate. For example, anoma.com.np. If you want to activate a wildcard certificate, add an asterisk in front of your domain name (e.g. *.anoma.com.np)
    • Email Address: provide a valid email address
      Note: The next attributes are optional. If you don’t want to fill them in, enter a dot (.) to leave them blank.
    • A challenge password: this is an obsolete attribute, no longer required by the Certificate Authorities. To avoid any confusion, leave this field blank
    • An Optional Company Name: If your official company name seems too long or complex, you can enter a shorter name or your brand name here. Again, to avoid confusion, we recommend ignoring this field

Step 4: The OpenSSL utility will create two files.

  1. example.com.key, containing your private key (you will need it later during SSL installation)
  2. example.com.csr, containing your CSR code (you will need it when applying for your SSL certificate)
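
Before submitting the CSR, it is worth confirming that the two files from Step 4 belong together and that the unencrypted private key is not readable by other users. The script below is an added example, not part of the original article; the file paths and the -subj values (C=NP, O=NA) are constructed, and -subj is used only to answer the Step 3 prompts non-interactively.

```shell
#!/bin/sh
# Added example: checks for the two files from Step 4.
# Paths and subject values are constructed for illustration.

# make_csr BASENAME FQDN: the article's command, with -subj answering the
# Step 3 prompts non-interactively (C=NP and O=NA are sample values).
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1.key" -out "$1.csr" \
        -subj "/C=NP/O=NA/CN=$2" 2>/dev/null &&
    chmod 600 "$1.key"   # the key is written unencrypted (-nodes)
}

# csr_matches_key CSR KEY: succeed only if the public key embedded in the
# CSR equals the public key derived from the private key file.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# csr_subject CSR: print the subject the CA will see.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# key_is_private KEY: succeed only if group and others have no permissions.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run the checks when the article's example files are in the current directory.
if [ -f example.com.csr ] && [ -f example.com.key ]; then
    csr_subject example.com.csr
    openssl req -in example.com.csr -noout -verify   # self-signature check
    csr_matches_key example.com.csr example.com.key && echo "CSR matches key"
    key_is_private example.com.key || echo "WARNING: tighten key permissions"
fi
```

Only the .csr file is sent to the CA; the .key file stays on the server.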

Depending on the type of your cert, you may have to wait for a few minutes (DV certs) or a couple of business days (EV and BV certs) for it to arrive in your email inbox.

After your CA validates the CSR and issues the SSL certificate, you can proceed to apply for certificates.
