Start a conversation

CSR Generation Using OpenSSL

Generate Key and Certificate

To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command:

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

This creates a two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.

For some fields there will be a default value, If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: Alabama
Locality Name (eg, city) []: York
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Inc
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: mysubdomain.mydomain.com
Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []: 
An optional company name []:

Use the name of the web-server as Common Name (CN). If the domain name (Common Name) is mydomain.com append the domain to the hostname (use the fully qualified domain name).

The fields email address, optional company name and challenge password can be left blank for a webserver certificate.

Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.

Alternatively one may issue the following command to generate a CSR:

openssl req -nodes -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr 
-subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"
Choose files or drag and drop files
Was this article helpful?
Yes
No
  1. Fastcomcorp

  2. Posted
  3. Updated

Comments