Search Our Database

How To: Generate SSL CSR (Certificate Signing Request) in Linux Server

Last updated on |

How to Generate a CSR (Certificate Signing Request) for SSL Certificates on a Linux Server

A CSR (Certificate Signing Request) is a block of encoded text given to a Certificate Authority when applying for an SSL Certificate. It contains the public key that will be included in the certificate. When generating the CSR, a private key is usually created at the same time, forming a key pair.

Details required for this tutorial:

  • Domain Name
  • Country Code
  • State or Province Name
  • City
  • Organization Name
  • Common Name
  • Email Address

Steps to Generate a CSR on a Linux Server

  1. SSH into your Linux server.
  2. Run the following command to generate a 4096-bit RSA private key and CSR:
openssl req -newkey rsa:4096 -nodes -keyout www.example.domain.key -out www.example.domain.csr

 

3. You will be prompted to enter several details. Fill in the required information:

 

[root@server ~]# openssl req -newkey rsa:4096 -nodes -keyout www.example.domain.key -out www.example.domain.csr
Generating a 4096-bit RSA private key
....................................................+++
..................+++
Writing new private key to 'www.example.domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is called a Distinguished Name or DN.
There are quite a few fields, but some can be left blank.
For some fields, there will be a default value.
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: MY
State or Province Name (full name) []: Selangor
Locality Name (eg, city) [Default City]: Bangsar
Organization Name (eg, company) [Default Company Ltd]: MyCompany Ltd
Organizational Unit Name (eg, section) []: 
Common Name (eg, your server's hostname) []: www.example.domain
Email Address []: admin@example.com

Please enter the following 'extra' attributes to be sent with your certificate request:
A challenge password []: 
An optional company name []: 

 

4. Verify the CSR by running the following command:

cat www.example.domain.csr

 

Example output:

-----BEGIN CERTIFICATE REQUEST-----
MIICuzCCAaMCAQAwdjELMAkGA1UEBhMCTVkxETAPBgNVBAgMCFNlbGFuZ29yMRAw
DgYDVQQHDAdCYW5nc2FyMRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMSQw
IgYDVQQDDBtsaW5rMS5haWFteWlwb3Nkb3dubG9hZC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDySSqK7DMWXYzjxecWiOrtAsp3ffZ4cjJuaa35
W248BP911kmwoCMUNIdG4iTsmtIbPS8y5VnkAK9z94p+Mz0ILkPsdi8rP1YTNkfW
6wp333wpSeW/Epnrt16rkkb73S8vo5dfnp3cFDueQvSi8KdKR3YX5Rw8ovrNN5Mb
TscMOA43sVB81iGJMpCqsTd6XoGGqhZDM8ydPxgmvKwiuN1b+dBACaMyUHFKqtPf
TGU8a3LyFfpV1wYfUtNZsQkDxZBxxegbdxmaeVJLmgeRE9O9Rr+dVRR/lLvVdPtg
LWmLi+12euhf3hzd/fGhkk6cavElOjSR8lTrzSrJXkyeryHLAgMBAAGgADANBgkq
hkiG9w0BAQUFAAOCAQEA8MiL9/q+i31x2MGXw1SigE38RTgQ36MeMCUrfsReZQ1u
TVZrbaYXfMFpm3VVD7QY+z/xHTSzO3VGWTN5ScqH+QMeadP56cXZx1yqZIe4bHoV
yGb48nhAeJSFloRiG+h/K5oMeuiXvupHg739HAiOrUKPm4GtgLJsprcH5II79DMB
Fme3Zyl5td1Sz+nByyaRhbD4EEUe6OvSqmYB6JjSqCBUgDlZSpUCUA4V1O1pHGmI
xIpYWnEgqbfU0hyZocWep5rZ0v/xwCcvUDjHNprW4Re9qMKYjeZw4s9Bs8YCd8vL
XKCzaTp2Z/p0yeSWhxPfhs3Z0nJbBMhC0Vx/xX8N/A==
-----END CERTIFICATE REQUEST-----

You now have your CSR ready with a 4096-bit RSA key, which you can submit to a Certificate Authority (CA) to obtain your SSL certificate.

 

Article posted 15 July 2022 by Nicholas Khoo.