Home » Featured, Headline, Software Development

Generate CSR(Certificate Signing Request) in Linux

21 September 2016 No Comment

What is a CSR?
A CSR or Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is usually generated on the server where the certificate will be installed and contains information that will be included in the certificate such as the organization name, common name (domain name), locality, and country. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair.

A certificate authority(CA) e.g. Comodo SL or GeoTrust, will use a CSR to create your SSL certificate, but it does not need your private key. You need to keep your private key secret. The certificate created with a particular CSR will only work with the private key that was generated with it. So if you lose the private key, the certificate will no longer work.

Below is how to generate CSR on linux using OpenSSL.

1. Open a terminal in Linux
2. Type the following command (change nadzweb to your domain name)
openssl req -out nadzweb.csr -new -newkey rsa:2048 -nodes -keyout nadzweb.key

3. Fill the following fields on prompt.

Field Example
Country Name NZ (2 Letter Code)
State or Province North Island(Full State Name)
Locality Auckland(Full City name)
Organization Nadzweb Ltd (Entity’s Legal Name)
Organizational Unit . (Optional, e.g. a department)
Common Name www.nadzweb.com (Domain or Entity name)

If you are planning to get a wildcard SSL, then use *.nadzweb.com for the Common Name above

4. There will be 2 keys generated.
nadzweb.key and nadzweb.csr.

5. Send the CSR(nadzweb.csr) to the Certificate Authority to receive the SSL certificates.

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image