OpenSSL - Generate CSR

A Certificate Signing Request (CSR) is required to order an SSL certificate. When you generate a CSR, a private key is also generated on your web server. If you want to create a wildcard certificate, you need to submit an * (asterisk) as the common name. For example: *

Generating a CSR with the OpenSSL Command

To create a CSR, you must be logged in to the server via an SSH connection. Use the cd command to navigate to the folder in which the certificates should be saved:

cd /etc/ssl/certs/

CSR with RSA private key

The following command can be used to generate the CSR with SHA1:

openssl req -utf8 -nodes -newkey rsa:2048 -keyout www_domainname_com.key -out www_domainname_com.csr

To generate the CSR with a SHA2 hash, the -sha256 option is added to the command:

openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout www_domainname_com.key -out www_domainname_com.csr

CSR with ECC private key

When an ECC key is needed, two commands are required: one to generate the key and a second to generate the CSR:

  • openssl ecparam -out server.key -name prime256v1 -genkey
  • openssl req -new -key server.key -out server.csr

Once you have executed either the RSA or the ECC method, you will be asked to enter some fields such as the common name, company name, department, country name, and locality. The information given in the CSR needs to be correct and valid since it corresponds to the whois information of the domain name and the Chamber of Commerce if applicable. The fields Email Address, optional company name and challenge password can be left empty when applying for a web server certificate.

OpenSSL generates two files: the CSR (with the name format www_domainname_com.csr) and the Private Key (with the name format www_domainname_com.key)

  • Country Name (2 letter code) [AU]: NL
  • State or Province Name (full name) [Some-State]: Overijssel
  • Locality Name (eg, city): Zwolle
  • Organization Name (eg, company) [Internet Widgits Pty Ltd]: Bedrijfsnaam
  • Organizational Unit Name (eg, section) []: IT
  • Common Name (eg, YOUR name) []:
  • Email Address []: (optional)
  • A challenge password []: (optional)
  • An optional company name []: (optional)

For the Common Name (CN), it is advised to enter the fully qualified domain name (FQDN) including the www. example
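Added example, not part of the original article: the functions below generate the RSA request without prompts by passing the fields through -subj, then check which digest signed the CSR, that its self-signature verifies, and that it belongs to the private key that was written. The host name www.example.test, the subject values and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; www.example.test and the subject values are constructed placeholders.

# make_csr BASENAME SUBJECT
# Same options as the RSA/SHA-256 command above, with -subj answering the
# prompts. -nodes leaves the key unencrypted, so it is created under umask 077
# (the subshell body keeps the umask change away from the caller).
make_csr() (
    umask 077
    openssl req -utf8 -nodes -sha256 -newkey rsa:2048 \
        -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null
)

# csr_self_sig_ok CSR: true if the request's self-signature verifies.
# Matches the message text instead of relying on the exit status.
csr_self_sig_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_sig_alg CSR: print the signature algorithm, to tell SHA-1 from SHA-256.
csr_sig_alg() {
    openssl req -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# csr_matches_key CSR KEY: true if the CSR carries the public half of KEY.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# csr_subject CSR: print the subject for review before sending it to the CA.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# Usage (constructed values):
#   make_csr www_example_test "/C=NL/ST=Overijssel/L=Zwolle/O=Bedrijfsnaam/OU=IT/CN=www.example.test"
#   csr_sig_alg www_example_test.csr
#   csr_matches_key www_example_test.csr www_example_test.key && echo "CSR matches key"
```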

