Generate CSR - OpenSSL
Oct 21, 2020
Generate CSR - OpenSSL
Introduction
This article provides step-by-step instructions for generating a Certificate Signing Request (CSR) in OpenSSL. This is most commonly required for web servers such as Apache HTTP Server and NGINX. If this is not the solution you are looking for, please search for your solution in the search bar above.
Switch to a working directory
To generate a CSR in Apache OpenSSL, you can check the video below for a tutorial.
Or, you can follow the step by step guidelines below.
GNU/Linux & Mac OS X users:
Open a terminal and browse to a folder where you would like to generate your keypair
Windows Users:
Navigate to your OpenSSL "bin" directory and open a command prompt in the same location.
Generate a CSR & Private Key:
openssl req -out CSR.csr -new -newkey rsa:2048 -keyout privatekey.key
To generate a 4096-bit CSR you can replace the rsa:2048 syntax with rsa:4096 as shown below.
openssl req -out CSR.csr -new -newkey rsa:4096 -keyout privatekey.key
Note: You will be prompted to enter a password in order to proceed. Keep this password as you will need it to use the Certificate.
Fill out the following fields as prompted:
Note: The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&
| Field | Example |
|---|---|
| Country Name | US (2 Letter Code) |
| State or Province | New Hampshire (Full State Name) |
| Locality | Portsmouth (Full City name) |
| Organization | GMO GlobalSign Inc (Entity's Legal Name) |
| Organizational Unit | Support (Optional, e.g. a department) |
| Common Name | www.globalsign.com (Domain or Entity name) |
You should now have a Private Key (privatekey.key) which should stay on your computer, and a Certificate Signing Request (CSR.csr), which can be submitted to GlobalSign to sign your public key. Each of these files can be viewed in a plain text editor such as Notepad, TextEdit, Vi, Nano, and Notepad++.
Related Articles
SSL Configuration Test
Check your certificate installation for SSL issues and vulnerabilities.