Generate CSR - Apache with OpenSSL

Mar 16, 2026

Generate CSR - Apache with OpenSSL

Guidelines

Navigate to the directory where you want to create the CSR and private key files. 

1. Start OpenSSL by running the openssl command.
2. Run the ls (list) command to verify that the folder or directory is empty.

3. Generating a CSR and a Private Key:

   Encrypted Private Key Syntax: openssl req -out mydomain.csr -new -newkey rsa:2048  -keyout mydomain.key
    

   IMPORTANT: You will need to provide a password when prompted. You need this password to access the private key, so make sure you store it safely.

    

   Command	Purpose
   openssl req	Calls the OpenSSL utility for creating and processing PKCS#10 X.509 certificate requests
   -out mydomain.csr	Specifies the name of the output file for the generated CSR
   -new	Indicates that a new certificate request is being created
   -newkey rsa:2048	Automatically generates a new RSA (Rivest-Shamir-Adleman) private key with a length of 2048-bits, which is the current industry standard for security NOTE: To generate a 4096-bit CSR, replace the rsa:2048 syntax with rsa:4096 as shown. openssl req -out mydomain.csr -new -newkey rsa:4096  -keyout mydomain.key
   -keyout mydomain.key	Indicates the file name that will be used to store the newly generated private key. Use mydomain.key to define the private key file name.

4. Fill out the following fields as prompted:

NOTE: The following special characters are not accepted in the CSR subject fields and are enforced by Certificate Authorities: < > ~ ! @ # $ % ^ * / \ ( ) ? . , &

Next Steps
You should now have the following files:

• Private key (mydomain.key), must always remain secure and should never be shared with others.
• CSR (mydomain.csr) can be provided to GlobalSign to issue your certificate.

Both files can be opened using a standard plain‑text editor such as Notepad, TextEdit, Vi, Nano, or Notepad++.