Search Our Database
How To: Generate SSL CSR (Certificate Signing Request) in Linux Server
How to Generate a CSR (Certificate Signing Request) for SSL Certificates on a Linux Server
A CSR (Certificate Signing Request) is a block of encoded text given to a Certificate Authority when applying for an SSL Certificate. It contains the public key that will be included in the certificate. When generating the CSR, a private key is usually created at the same time, forming a key pair.
Details required for this tutorial:
- Domain Name
- Country Code
- State or Province Name
- City
- Organization Name
- Common Name
- Email Address
Steps to Generate a CSR on a Linux Server
- SSH into your Linux server.
- Run the following command to generate a 4096-bit RSA private key and CSR:
openssl req -newkey rsa:4096 -nodes -keyout www.example.domain.key -out www.example.domain.csr
3. You will be prompted to enter several details. Fill in the required information:
[root@server ~]# openssl req -newkey rsa:4096 -nodes -keyout www.example.domain.key -out www.example.domain.csr Generating a 4096-bit RSA private key ....................................................+++ ..................+++ Writing new private key to 'www.example.domain.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is called a Distinguished Name or DN. There are quite a few fields, but some can be left blank. For some fields, there will be a default value. If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]: MY State or Province Name (full name) []: Selangor Locality Name (eg, city) [Default City]: Bangsar Organization Name (eg, company) [Default Company Ltd]: MyCompany Ltd Organizational Unit Name (eg, section) []: Common Name (eg, your server's hostname) []: www.example.domain Email Address []: admin@example.com Please enter the following 'extra' attributes to be sent with your certificate request: A challenge password []: An optional company name []:
4. Verify the CSR by running the following command:
cat www.example.domain.csr
Example output:
-----BEGIN CERTIFICATE REQUEST----- MIICuzCCAaMCAQAwdjELMAkGA1UEBhMCTVkxETAPBgNVBAgMCFNlbGFuZ29yMRAw DgYDVQQHDAdCYW5nc2FyMRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMSQw IgYDVQQDDBtsaW5rMS5haWFteWlwb3Nkb3dubG9hZC5jb20wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDySSqK7DMWXYzjxecWiOrtAsp3ffZ4cjJuaa35 W248BP911kmwoCMUNIdG4iTsmtIbPS8y5VnkAK9z94p+Mz0ILkPsdi8rP1YTNkfW 6wp333wpSeW/Epnrt16rkkb73S8vo5dfnp3cFDueQvSi8KdKR3YX5Rw8ovrNN5Mb TscMOA43sVB81iGJMpCqsTd6XoGGqhZDM8ydPxgmvKwiuN1b+dBACaMyUHFKqtPf TGU8a3LyFfpV1wYfUtNZsQkDxZBxxegbdxmaeVJLmgeRE9O9Rr+dVRR/lLvVdPtg LWmLi+12euhf3hzd/fGhkk6cavElOjSR8lTrzSrJXkyeryHLAgMBAAGgADANBgkq hkiG9w0BAQUFAAOCAQEA8MiL9/q+i31x2MGXw1SigE38RTgQ36MeMCUrfsReZQ1u TVZrbaYXfMFpm3VVD7QY+z/xHTSzO3VGWTN5ScqH+QMeadP56cXZx1yqZIe4bHoV yGb48nhAeJSFloRiG+h/K5oMeuiXvupHg739HAiOrUKPm4GtgLJsprcH5II79DMB Fme3Zyl5td1Sz+nByyaRhbD4EEUe6OvSqmYB6JjSqCBUgDlZSpUCUA4V1O1pHGmI xIpYWnEgqbfU0hyZocWep5rZ0v/xwCcvUDjHNprW4Re9qMKYjeZw4s9Bs8YCd8vL XKCzaTp2Z/p0yeSWhxPfhs3Z0nJbBMhC0Vx/xX8N/A== -----END CERTIFICATE REQUEST-----
You now have your CSR ready with a 4096-bit RSA key, which you can submit to a Certificate Authority (CA) to obtain your SSL certificate.
Article posted 15 July 2022 by Nicholas Khoo.