Search Our Database

How To: Generate SSL CSR (Certificate Signing Request) in Linux Server

Last updated on |

A CSR or Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate.
 
It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair.
 
Follow the tutorial below to generate a CSR Request , required for generating a SSL Certificate
 
Details Required for this tutorial :

  • Your Domain Name
  • Country Code
  • State or Province Name
  • City
  • Organization Name
  • Common Name
  • Email Address

 
1. Login to the server thru the terminal or SSH
 
Type the following command, edit the www.example.domain according to the domain that you wish to renew SSL for, including www at the front
 

openssl req -newkey rsa:2048 -nodes -keyout www.example.domain.key -out www.example.domain.csr

 
It will prompt as below. Fill in all the details below:
 

[root@cis-cld01 ~]# openssl req -newkey rsa:2048 -nodes -keyout www.example.domain.key -out www.example.domain.csr
Generating a 2048 bit RSA private key
....................................................+++
.................+++
writing new private key to 'www.example.domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:MY
State or Province Name (full name) []:Selangor
Locality Name (eg, city) [Default City]:Bangsar
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []: www.example.domain
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

 
2. Once generated, you can check the the CSR by executing below command
 

cat  www.example.domain.csr

 
Example:
 

[root@cis-cld01 ~]# cat  www.example.domain.csr
-----BEGIN CERTIFICATE REQUEST-----
MIICuzCCAaMCAQAwdjELMAkGA1UEBhMCTVkxETAPBgNVBAgMCFNlbGFuZ29yMRAw
DgYDVQQHDAdCYW5nc2FyMRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMSQw
IgYDVQQDDBtsaW5rMS5haWFteWlwb3Nkb3dubG9hZC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDySSqK7DMWXYzjxecWiOrtAsp3ffZ4cjJuaa35
W248BP911kmwoCMUNIdG4iTsmtIbPS8y5VnkAK9z94p+Mz0ILkPsdi8rP1YTNkfW
6wp333wpSeW/Epnrt16rkkb73S8vo5dfnp3cFDueQvSi8KdKR3YX5Rw8ovrNN5Mb
TscMOA43sVB81iGJMpCqsTd6XoGGqhZDM8ydPxgmvKwiuN1b+dBACaMyUHFKqtPf
TGU8a3LyFfpV1wYfUtNZsQkDxZBxxegbdxmaeVJLmgeRE9O9Rr+dVRR/lLvVdPtg
LWmLi+12euhf3hzd/fGhkk6cavElOjSR8lTrzSrJXkyeryHLAgMBAAGgADANBgkq
hkiG9w0BAQUFAAOCAQEA8MiL9/q+i31x2MGXw1SigE38RTgQ36MeMCUrfsReZQ1u
TVZrbaYXfMFpm3VVD7QY+z/xHTSzO3VGWTN5ScqH+QMeadP56cXZx1yqZIe4bHoV
yGb48nhAeJSFloRiG+h/K5oMeuiXvupHg739HAiOrUKPm4GtgLJsprcH5II79DMB
Fme3Zyl5td1Sz+nByyaRhbD4EEUe6OvSqmYB6JjSqCBUgDlZSpUCUA4V1O1pHGmI
xIpYWnEgqbfU0hyZocWep5rZ0v/xwCcvUDjHNprW4Re9qMKYjeZw4s9Bs8YCd8vL
XKCzaTp2Z/p0yeSWhxPfhs3Z0nJbBMhC0Vx/xX8N/A==
-----END CERTIFICATE REQUEST-----

 
3. Your Private Key for the certificate is stored in www.example.domain.key
 
you can check the the Private Key by executing below command
 

cat  www.example.domain.key

 
Example:
 

[root@cis-cld01 ~]# cat  www.example.domain.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIEYjCCAkoCAQAwHTEbMBkGA1UEAwwSd3d3LmV4YW1wbGUuZG9tYWluMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvX5LpKSR4adYAjC0VN1ZQfmY51yb
uaWfH30uQps9gVHbcpfO3kI3a2SLKA5ar221n/EFTwykOZVy5+ldOPUb+SblRFtI
cJiOW5dQcWCLS8xLTf6iy763CneWVSGU84Ht4S/SvXx5bCvb1Z0HRCswXOtrAm+q
WP57LN73bQlgtuxQyWX8dgs9lcMuVunWJbrQJOO2WkWloFGI14+jIaKLJJZdfme4
hrjeua2SSruVx9TrwVwquZZvGousAWnjFUbnIwaXv9cpEPeuHZ2XkoZPqEdqfs2t
8ZtloYzHdYR/eeGi51yQB782od47TDZYnC45z5QQCs7hEQluQO9nq/AELd8YfMPI
ImsEuiubzXuqAgG4nq75WAGfnU6trpOZ+OwSEHxrX51bdSzOOQYWx3SZW0fCjmvY
9JjKYYKOI1DqhH2CJWQ5wBqr9PtvnZI61f31+2sYiwdxX/q4kJJw2gfsTWsY9p+D
j6n2p86Je4RSAajmlNGomE5hR5nXHyWyVqXEKRrMkqYRB+svIT37v02NCh9PzqCI
YWkQqzUsh+95RwiaKgSlPCycAZCfdzKeI5h35WL9d2EzvmyGhUa0reD99MlkH1Wi
oCGfbwP4/6ruChLP+OxhWsBAG+Q6CaU66bbVdmcKmCdaJA93hiQ6ZV3soSgFBEsJ
JORk12vvoUaoZucCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQBKOUKzOiAOj1U6
mTpaRTbs4EK1rfQpEKjck7JoGxYf2v1MdG5E9Bm2HZ6mS95spg/JWgVmw5W2ExvI
5NZ9mRUeD9unYFdMT7U4/O1I2L2FCqxtwyiEVQArsYrq/TUb7gmVzIR3rlrUbGCu
G7iJaTjZB0ziKRcM7mTR7NkBaCPf9bE05EdCKNf5GPTjPhMrabhO6cj/gOtvQRUW
VgzTHRDbWxw1VFGYxQXK/7gp2TdjJcXAef8nzz+QembDXZWo4Ykdk1x67iGUDcok
Cpz98tW0su+x7T11cgFtOild4hB+VVgLUGzBYZHOjrvmsSEWXh0OIhzdRauLdfu5
Y8/lXuFaCNy/rC+HDvXtucm2oqDZKb3EmwQ9Qh64wpstnQnvrmC0jYzntPzbyJnp
MX6MSZyWlvh4Oi1uxzqkmkSoT0T5CvI5zwH3jxSSJo/blsArrkHGnTI6/YJvQ2eP
v87nlZQf7MA+BS0royr6i14ozhhpJj3O6d/3WIT2s7Q2v7fEh418w7AORBtPA7wb
zVpSQt4rTr8o52ebFqZht5LbmACy/PYJlyLj0lAdGO9jCmTJoWRaSOXbYZPR2k9A
Lw8tcm/drk8lm3iXsg+kPnC/V2ObVX/gL6sNPBKMFg27w5IAtsINnZt1HKxubBRE
Vjfboa8YD51Mr2bYST0jtrHQKrMOVA==
-----END CERTIFICATE REQUEST-----