A Certificate Signing request (CSR) is an important manner in SSL . It is an encoded format and it enables the Certificate Authority (CA) bundles. The CSR provides the public key along with some information about your company and domain name.
In this article we will help you to generate SSL CSR in Linux.
Install Required Packages:
First we need install the openssl packages using following command.
# yum install openssl mod_ssl
Generate Private Key:
The CSR requires the private key. We need generate the private by run below command.
# openssl genrsa -out www.example.com.key 2048
output
Generating RSA private key, 2048 bit long modulus .......................................++++++ ...................................................++++++ e is 61764 (0x01001) Enter passphrase for www.example.com.key: Verifying - Enter pass phrase for www.example.com.key:
Generate a Certificate Singing Request(CSR):
After generating private key, next you need to generate CSR using the above key. The command will ask some information regarding the domain.
#openssl req -new -key www.example.com.key -out www.example.com.csr
output:
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:IN State or Province Name (full name) []:Example Locality Name (eg, city) [Default City]:Example Organization Name (eg, company) [Default Company Ltd]:Example Pvt. Ltd. Organizational Unit Name (eg, section) []:BLOG Common Name (eg, your name or your server's hostname) []:www.example.com Email Address []:support@example.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
Another command also you can use to generate private key and CSR file.
# openssl req -new -newkey rsa:2048 -nodes -keyout www.example.com.key -out www.example.com.csr