Knowledge Base

How To Create a CSR for Open SSL?

These are the steps you'll need to follow to create a CSR for OpenSSL:

  1. This is the command you'll need to create a private key and public Certificate Signing Request:
    [root@server cert]# openssl req -nodes -newkey rsa:2048 -keyout filename.key -out filename.csr

  2. This command will generate two files. The first file, myserver.key, contains a private key. This is very important in maintaining the integrity of your TLS connections and should never be revealed to anyone.

    Be sure to back up your private key. If you lose it, it cannot be recovered. Make sure that the location where you save your private key copy is highly secure and not accessible from your server. The private key needs to be included with the command for creating a Certificate Signing Request (CSR).

  3. You will now need to enter some information into your CSR.
  4. First you need to input what is known as a Distinguished Name or a DN. For certain fields there is a standard default value. If you wish to leave the field blank, simply enter a '.' .
    Country (2 letter ISO code): AU
    State or Province Name (full name): Western Australia
    Locality Name (city, for example): Perth
    Organization Name: GreatCompany Inc.
    Organizational Unit Name: IT Department
    Common Name: yoursubdomain.yourdomain.com
    Email Address: [email protected]

  5. You'll also have to enter the following:
    A challenge password []:
    An optional company name []:

  6. Use your server name as the Common Name (CN). Add the domain name to the hostname.
  7. For a server certificate, the email address, optional company name and challenge password fields can all be left blank by placing a '.' in the corresponding field.
  8. After these steps, you have created a CSR. Open the server.csr in a text editor and copy what it contains into the enrollment form.
  9. There is an alternative command that you can use to generate a CSR:

    openssl req -nodes -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr 
    -subj "/C=AU/ST=Western Australia/L=Perth/O=GreatCompany Inc./OU=IT Department/CN=yoursubdomain.yourdomain.com"

    NOTE: If "-nodes" is in the command, then the resulting key will not be encrypted with a DES password.


After you receive your SSL Certificate, you can install it.

Did you find this article helpful?

* Your feedback is too short