Generate a CSR from the Linux command line

Generate CSR

You will need to have openssl installed.
Replace domain.com with your domain.

openssl req -new -newkey rsa:2048 -nodes -keyout domain.com.key -out domain.com.csr

Options explained:

  • -newkey rsa:2048 tells OpenSSL to generate a new 2048-bit RSA private key.
  • -nodes ensures that the private key is not encrypted with a passphrase. This is useful for servers where you don't want to enter a passphrase after every restart.
  • -keyout domain.com.key specifies the filename for the generated private key.
  • -out domain.com.csr specifies the filename for the generated CSR.

After running the command, you'll be prompted to enter details that will be embedded in your CSR.
This includes:

  • Country Name (2 letter code): The two-letter ISO abbreviation for your country.
  • State or Province Name (full name): The full name of your state or province.
  • Locality Name (eg, city): The name of the city where your organization is located.
  • Organization Name (eg, company): The legally registered name of your organization/company.
  • Organizational Unit Name (eg, section): This can be used to specify the department or division of your organization.
  • Common Name (e.g., server FQDN or YOUR name): This is the fully qualified domain name (FQDN) for which you're requesting the certificate, such as domain.com.
  • Email Address: An email address where you can be contacted.
  • Additional Attributes: You might be asked for additional attributes like a challenge password or an optional company name, which are usually not required for most SSL certificates.

Verify CSR

After you've filled in all the necessary information, OpenSSL will generate your CSR and save it to the file domain.com.csr, and your private key to domain.com.key. You should keep your .key file secure and private, while the .csr file is what you will submit to a Certificate Authority (CA) when requesting your SSL certificate.

Remember to review your CSR details before submitting it to a CA.
You can use the following command to review the CSR:

openssl req -text -noout -verify -in domain.com.csr

This command displays the CSR's details, including the public key, and verifies the CSR's signature.
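The generate and verify steps above can be combined into one non-interactive function. This is an added example, not part of the original page: the function name make_csr, its arguments and the subject values are hypothetical, and it uses the -subj option of openssl req to supply the prompted fields on the command line. It also creates the key with owner-only permissions and confirms that the CSR carries the public key of the key file you are keeping.

```shell
#!/bin/sh
# Added example (not from the original page).
# make_csr DOMAIN SUBJECT [DIR]
#   DOMAIN  - used for the file names DOMAIN.key and DOMAIN.csr
#   SUBJECT - the fields openssl would otherwise prompt for, e.g.
#             "/C=US/ST=State/L=City/O=Example Org/CN=domain.com" (constructed values)
#   DIR     - output directory (defaults to the current directory)
# Returns 0 on success, 1 if generation fails, 2 if the CSR signature
# does not verify, 3 if the CSR and key file do not belong together.
make_csr() {
    domain="$1"
    subj="$2"
    dir="${3:-.}"
    key="$dir/$domain.key"
    csr="$dir/$domain.csr"

    # -nodes leaves the key unencrypted on disk, so file permissions are
    # its only protection. umask 077 in a subshell makes the files
    # owner-only from the moment they are created.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$key" -out "$csr" -subj "$subj" 2>/dev/null ) || return 1

    # Check the CSR's self-signature. The message text is matched because
    # older OpenSSL releases do not signal a failed check via exit status.
    openssl req -noout -verify -in "$csr" 2>&1 | grep -q "verify OK" || return 2

    # The public key embedded in the CSR must be the one derived from the
    # private key; otherwise the issued certificate will not match the key.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ] || return 3
}
```

Call it as make_csr domain.com "/C=.../CN=domain.com" and submit only the resulting .csr file to the CA.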

ssl/generate-csr.txt · Last modified: 2024/02/05 12:14 by odefta