How to Generate a Certificate Signing Request (CSR) with OpenSSL? Print

  • 0

OpenSSL is a common utility used to generate a pair of private key and public Certificate Signing Request (CSR) for Apache web servers. In this tutorial, we will describe the steps to generate a Certificate Signing (CSR) from Apache 2.x web server.


  1. Login to your Linux machine via SSH and type the following command. While issuing the command, don't forget to replace your-domain-name with your actual domain name.

    openssl req -new -newkey rsa:2048 -nodes -keyout your-domain-name.key -out your-domain-name.csr 
  2. This command will generate two files, Private-Key file for the decryption of the SSL Certificate and Certificate Signing Request (CSR) file. You will now be asked to enter following information to generate the CSR key.

    • Common Name: Enter the Fully Qualified Domain Name of your website. When you generate a CSR key for Wildcard SSL, common name must start with * (asterisk). For Example, *
    • Organization: Enter the legal/registered name of your organization.
    • Organization Unit: Enter  exact section of your organization, if applicable.
    • City or Locality: Enter name of the city where your organization is registered. Do not abbreviate it.
    • State or Province: Enter name of the state or province where your company is located. Do not abbreviate it.
    • Country: Enter two letter ISO (International Organization for Standardization) abbreviation for your country.

  3. Once the necessary information is filled up, you will get your-domain-name.csr and your-domain-name.key files in the folder where the command was run. Open your-domain-name.csr file with a text-editor. Copy CSR key and paste in SSL certificate request page. Similarly, open your-domain-name.key file to get a private key.

Was this answer helpful?

« Back