How to Generate a Certificate Signing Request (CSR) with OpenSSL?

OpenSSL is used to generate a pair of private keys and public Certificate Signing Request (CSR) for Apache web servers. 

This article lists the steps to generate a Certificate Signing (CSR) from Apache 2.x web server. 

  1. Log in to your Linux machine via SSH and type the following command

openssl req -new -newkey rsa:2048 -nodes -keyout your-domain-name.key -out your-domain-name.csr

While issuing this command, don't forget to replace your-domain-name with your actual domain name.

2. This command will generate two files – the Private-Key file for the decryption of the SSL Certificate and the Certificate Signing Request (CSR) file.
You will now be asked to enter the following information to generate the CSR key - 

    • Common Name: Enter the Fully Qualified Domain Name of your website.
      When you generate a CSR key for Wildcard SSL, the common name must start with * (asterisk); for example -  *
    • Organization: Enter the legal/ registered name of your organization.
    • Organization Unit: Enter the exact section of your organization, if applicable.
    • City or Locality: Enter the name of the city where your organization is registered; do not abbreviate it.
    • State or Province: Enter the name of the state or province where your company is located; do not abbreviate it.
    • Country: Enter two-letter ISO (International Organization for Standardization) abbreviation for your country.

3. Once the necessary information is filled in, you will get your-domain-name.csr and your-domain-name.key files in the folder where the command was run.

4. Open your-domain-name.csr file with a text editor.

5. Copy the CSR key and paste it into the SSL certificate request page.

6. Similarly, open your-domain-name.key file to get a private key.


Was this answer helpful?

« Back


/* */