Open SSL Creating Certificate Signing Request — CSR Generation

A Certificate Authority will use a CSR to create your SSL certificate.

What is a CSR? A CSR or ‘Certificate Signing Request’ is a block of encrypted text, that is generated on the server that the certificate will be used on.

It contains information that will be included in your certificate, such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate.

Run these OpenSSL commands, to generate your Certificate Signing Request.

Step 1: Generate a Private Key

$ openssl genrsa -out 2048

If you need just to renew existence certificate and you already have the private key, you can skip this step and use it, instead of generating new one.

The number 2048 is the size of the key, in bits. Today, 2048 or higher is recommended for RSA keys, as fewer amount of bits is consider insecure or to be insecure pretty soon.

Step 2: Generate the CSR

$ openssl req -new -key -out

The fields, required in a Certificate Signing Request, are listed below with explanations and examples :

Distinguished Name FieldExplanationExample
Common Name The fully qualified domain name (FQDN) for your web server. This must be an exact match. If you intend to secure the URL, then your CSR’s common name must be:
Organisation The exact legal name of your organisation. Do not abbreviate your organisation name. ShellHacks Ltd.
Organisation Unit Section of the organisation, can be left empty if this does not apply to your case. Development department
City/Locality The city where your organisation is legally located. Balham
State/County/Region The state/county/region where your organisation is legally located. Must not be abbreviated. London
Country The two-letter ISO abbreviation for your country. GB
Email address The email address used to contact your organisation.
0 (0)
Article Rating (No Votes)
Rate this article
There are no attachments for this article.
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
How to configure an SSH proxy server with Squid
Viewed 734 times since Sun, Dec 6, 2020
linux ssh How to Hide the OpenSSH Version Details when Telnet to Port 22
Viewed 1441 times since Wed, Apr 22, 2020
Check a Website Availability from the Linux Command Line
Viewed 4990 times since Mon, Feb 18, 2019
SSL HowTo: Decode CSR
Viewed 1549 times since Mon, Feb 18, 2019
How to enable Proxy Settings for Yum Command on RHEL / CentOS Servers
Viewed 9021 times since Thu, Jul 19, 2018
How to create a Systemd service in Linux
Viewed 897 times since Mon, Dec 7, 2020
Moving SSL Certificate from IIS to Apache
Viewed 803 times since Mon, Feb 18, 2019
RHEL: iSCSI target/initiator configuration on RHEL6
Viewed 5892 times since Sat, Jun 2, 2018
bash mistakes This page is a compilation of common mistakes made by bash users. Each example is flawed in some way.
Viewed 7339 times since Sun, Dec 6, 2020
How to convert RAW image to VDI and otherwise
Viewed 12062 times since Wed, Oct 3, 2018