User Tools

Site Tools


Generate CSR from command line linux

Generate CSR

You will need to have openssl installed.
Replace with your domain.

openssl req -new -newkey rsa:2048 -nodes -keyout -out

Attributes explanation:

  • newkey rsa:2048 tells OpenSSL to generate a new 2048-bit RSA private key.
  • nodes ensures that the private key is not encrypted with a passphrase. This is useful for servers where you don't want to enter a passphrase after every restart.
  • keyout specifies the filename for the generated private key.
  • out specifies the filename for the generated CSR.

After running the command, you'll be prompted to enter details that will be embedded in your CSR.
This includes:

  • Country Name (2 letter code): The two-letter ISO abbreviation for your country.
  • State or Province Name (full name): The full name of your state or province.
  • Locality Name (eg, city): The name of the city where your organization is located.
  • Organization Name (eg, company): The legally registered name of your organization/company.
  • Organizational Unit Name (eg, section): This can be used to specify the department or division of your organization.
  • Common Name (e.g., server FQDN or YOUR name): This is the fully qualified domain name (FQDN) for which you're requesting the certificate, such as
  • Email Address: An email address where you can be contacted.
  • Additional Attributes: You might be asked for additional attributes like a challenge password or an optional company name, which are usually not required for most SSL certificates.

Verify CSR

After you've filled in all the necessary information, OpenSSL will generate your CSR and save it to the file, and your private key to You should keep your .key file secure and private, while the .csr file is what you will submit to a Certificate Authority (CA) when requesting your SSL certificate.

Remember to review your CSR details before submitting it to a CA.
You can use the following command to review the CSR:

openssl req -text -noout -verify -in

This command displays the CSR's details, including the public key, and verifies its correctness.

ssl/generate-csr.txt · Last modified: 2024/02/05 12:14 by odefta