How to Generate a CSR using OpenSSL

So how do you generate a certificate signing request for the Apache Web Server using the Linux command line and the OpenSSL utility?

Generating CSR From OpenSSL Pre-Conditions

Linux servers come with openssl as standard. You do not need to install anything before running this command. Just go to the shell and type the below.

If you have two domains namely and you use everything before the first dot. NO DOTS IN DOMAIN NAMES is the rule of thumb.

The generate CSR openssl command

Go to your linux home folder (just type “cd” anwhere and Linux takes you there).

openssl req -new -newkey rsa:2048 -nodes -keyout my-new-domain-name.key -out my-new-domain-name.csr

Now openssl becomes “interactive”. From here you need to

  • Refer to the tips on how to answer the questions
  • Set and “remember” a password
  • See that 2 files are created in your present directory
  • Upload the CSR as directed by the signing authority
  • Re-enter the password you set if and when asked

OpenSSL Sample Command

Just answer the questions (see the tips below)

openssl req -new -newkey rsa:2048 -nodes -keyout build-business-websites.key -out build-business-websites.csr

Distinguished Name (DN)

The process of entering a Distinguished Name (DN) is as

Generating a 2048 bit RSA private key

unable to write 'random state' writing new private key to <=your-domain-b4-the-dot=>.key ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:GB State or Province Name (full name) [Some-State]:Gt London Locality Name (eg, city):London Organization Name (eg, company) [Internet Widgits Pty Ltd]:Carbon Copy Mathematics Organizational Unit Name (eg, section) :Math Education Services Common Name (e.g. server FQDN or YOUR name) :Apollo Akora Email Address Please enter the following extra attributes to be sent with your certificate request A challenge password:<== Enter A Dot Then Press Return ==> An optional company name :Carbon Copy Mathematics

Notes on generating a 2048 bit RSA Private Key

  1. You will be asked to enter information to be incorporated into your certificate
  2. You will enter a Distinguished Name (aka DN)
  3. Avoid entering a passphrase as this stalls the Apache2 restart
  4. There are quite a few fields but you can leave some blank
  5. For some fields there will be a default value
  6. If you enter '.', the field will be left blank
  7. The name and address details should be tackled with care

OpenSSL CSR Request Observable Value

If you have executed the above accurately and you enter the command ls -lah you should see a .csr file and your private key in the .key file. Well Done!

Leave a Reply

Your email address will not be published. Required fields are marked *