Article Purpose: This article provides step-by-step instructions for generating a Certificate Signing Request (CSR) in OpenSSL. This is most commonly required for web servers such as Apache HTTP Server and NGINX. If this is not the solution you are looking for, please search for your solution in the search bar above.
Switch to a working directoryGNU/Linux & Mac OS X users:
Open a terminal and browse to a folder where you would like to generate your keypair
Navigate to your OpenSSL "bin" directory and open a command prompt in the same location.
Generate a CSR & Private Key:
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privatekey.key
Note: To generate a 4096-bit CSR you can replace the rsa:2048 syntax with rsa:4096 as shown below.
openssl req -out CSR.csr -new -newkey rsa:4096 -nodes -keyout privatekey.key
Fill out the following fields as prompted:
Note: The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&
|Country Name||US (2 Letter Code)|
|State or Province||New Hampshire (Full State Name)|
|Locality||Portsmouth (Full City name)|
|Organization||GMO GlobalSign Inc (Entity's Legal Name)|
|Organizational Unit||Support (Optional, e.g. a department)|
|Common Name||www.globalsign.com (Domain or Entity name)|
You should now have a Private Key (privatekey.key) which should stay on your computer, and a Certificate Signing Request (CSR.csr), which can be submitted to GlobalSign to sign your public key. Each of these files can be viewed in a plain text editor such as Notepad, TextEdit, Vi, Nano, and Notepad++.