A Certificate Signing Request (CSR) is the first step in setting up an SSL Certificate on our website. This is a quick guide on how to generate a CSR using OpenSSL Command.
Generate an RSA Private Key and CSR
We can use the following command to generate both the private key and the CSR. It is advised to issue a new private key each time we generate a CSR.
openssl req -new -newkey rsa:2048 -nodes -keyout your_domain.key -out your_domain.csr
openssl – activates the OpenSSL software
req – indicates that we want a CSR
–new –newkey – generate a new key
rsa:2048 – generate a 2048-bit RSA mathematical key
–nodes – no DES, meaning do not encrypt the private key in a PKCS#12 file
–keyout – indicates the domain we are generating a key for
–out – specifies the name of the file our CSR will be saved as
Enter our CSR Information
Our system should launch a text-based questionnaire for us to fill out. We will get our CSR file in the current directory.
Enter our information in the fields as follows:
Country Name – use a 2-letter country code (US for the United States)
State – the state in which the domain owner is incorporated
Locality – the city in which the domain owner is incorporated
Organization name – the legal entity that owns the domain
Organizational unit name – the name of the department or group in our organization that deals with certificates
Common name – typically the fully qualified domain name (FQDN), i.e. what the users type in a web browser to navigate to our website
Email address – the webmaster’s email address
Challenge password – an optional password for our key pair
Submit the CSR to Certificate Authorities
We can open the .csr file in a text editor to find the alphanumeric code that was generated.
This text can be copied and pasted into a submittal form to request our SSL certificate from a Certificate Authority. Make sure we copy the entire text.