A Certificate Signing Request (CSR) is an intermediate form of an SSL certificate that enables a Certificate Authority (CA) to generate a signed SSL certificate and verify the identity of a domain’s owner. A CSR is an encoded file that provides you with a standardized way to send us your public key along with some information that identifies your company and domain name.
In this article we will help you how to generate SSL CSR in Linux.
Install Required Packages:
First we need to install the required packages. If the required packages is already installed then ignore this step.
# yum install openssl mod_ssl
Generate Private Key:
Before generating the CSR we need to generate the private key file. Run the below command to generate the key.
# openssl genrsa -out www.techoism.com.key 2048
Generating RSA private key, 2048 bit long modulus
e is 61764 (0x01001)
Enter pass phrase for www.techoism.com.key:
Verifying - Enter pass phrase for www.techoism.com.key:
Generate a Certificate Signing Request (CSR):
After generating private key, next you need to generate CSR using the above key. The command will ask some information regarding the domain.
# openssl req -new -key www.techoism.com.key -out www.techoism.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) :Chandigarh
Locality Name (eg, city) [Default City]:Chandigarh
Organization Name (eg, company) [Default Company Ltd]:Techoism Pvt. Ltd.
Organizational Unit Name (eg, section) :BLOG
Common Name (eg, your name or your server's hostname) :www.techoism.com
Email Address :email@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
You can also create the private key and CSR file using single command. The command first generate the private key then it will generate the CSR.
# openssl req -new -newkey rsa:2048 -nodes -keyout www.techoism.com.key -out www.techoism.com.csr
Now CSR has been generated successfully, use this file to order the SSL certificate.