Menu

Generate CSR - OpenSSL

Mar 16, 2026

Generate CSR - OpenSSL

OVERVIEW: This page provides a walkthrough of instructions in generating a Certificate Signing Request (CSR) with OpenSSL. Web servers like Apache HTTP Server and NGINX need this feature. For more certificate management guides, please refer to this page

 

IMPORTANT: Switch to a working directory. Change your current location in a computer's file system to a specific folder where you intend to perform tasks, run scripts, or manage files. This action ensures that these subsequent commands are executed within that designated folder, preventing clutter and ensuring files are created or accessed in the correct location.

 

Guidelines

  1. Accessing OpenSSL:

    • GNU/Linux & Mac OS X Users: Open a terminal and browse to a folder where you would like to generate your keypair.

    • Windows Users: Access the OpenSSL bin directory and open a command prompt in the same location.

  2. Generating a CSR and a Private Key:

    Encrypted Private Key Syntax: openssl req -out CSR.csr -new -newkey rsa:2048 -keyout privatekey.key
     

    IMPORTANT: You will need to provide a password when prompted. You need this password to access the private key, so make sure you store it safely.
      

    Command

    Purpose

    openssl req

    		 Calls the OpenSSL utility for PKCS#10 X.509 CSR management

    -out CSR.csr

    		 Specifies the name of the output file for the generated CSR

    -new

    		 Indicates that a new certificate request is being created

    -newkey rsa:2048

    Instructs OpenSSL to generate a new RSA (Rivest-Shamir-Adleman)private key with a length of 2048-bits, which is the current industry standard for security

    NOTE: To generate a 4096-bit CSR, replace the rsa:2048 syntax with rsa:4096 as shown. openssl req -out CSR.csr -new -newkey rsa: 4096 -keyout privatekey.key

    -keyout privatekey.key

    Indicates the file name that will be used to store the newly generated private key
    Use privatekey.key to define the private key file name.
  3. Fill out the following fields as prompted:

Field

Requirement

Example

Country Name

Two letter country code

US

State or Province Name

Full state name

New Hampshire

Locality Name

Full city name

Portsmouth

Organization Name

Entity's legal name

GMO GlobalSign Inc

Organizational Unit Name 

Department or division name (Optional)

 Support

Common Name

Domain or entity name. Use the domain name where the certificate will be installed

  • DV and Alpha only require the Common Name (CN) field
  • A wildcard CN should start with an asterisk (*)

 www.globalsign.com

 


NOTE: The following special characters are not accepted in the CSR subject fields and are enforced by Certificate Authorities: < > ~ ! @ # $ % ^ * / \ ( ) ? . , &

Next Steps
You should now have the following files:

  • Private key (privatekey.key) must always remain secure and should never be shared with others.
  • CSR (CSR.csr) can be provided to GlobalSign to issue your certificate.

Both files can be opened using a standard plain‑text editor such as Notepad, TextEdit, Vi, Nano, or Notepad++.

Related Articles

Generate CSR - Internet Information Services (IIS) 5 & 6

Sep 17, 2013, 7:43 AM

Read More

Install SSL Certificate - F5 FirePass

Sep 6, 2013, 6:23 AM

Read More

Certificate Signing Request (CSR) Confirmation

Aug 26, 2013, 12:51 PM

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support