Generating SSL Certificate Signing Request (CSR) in Linux

Certificate Signing Request (CSR) is the intermediate form of SSL certificate that enables a Certificate Authority (CA) to generate a signed SSL certificate and verify the identity of a domain’s owner. A CSR has encoded a file that provides you with a standardized way to send us your public key along with some information that identifies your company and domain name.

Install Required Packages:
First, we need to install the required packages. If the required packages are already installed then ignore this step.

# yum install openssl mod_ssl
Generate Private Key:
Before generating the CSR we need to generate the private key file. Run the below command to generate the key.

# openssl genrsa -out 2048

Generating RSA private key, 2048 bit long modulus
…………………. …….. …….++++++
………………………… … … .. ++++++
e is 61764 (0x01001)
Enter passphrase for
Verifying – Enter pass phrase for
Generate a Certificate Signing Request (CSR):
After generating the private key, next you need to generate CSR using the above key. The command will ask some information regarding the domain.

# openssl req -new -key -out

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields, there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Bangalore
Locality Name (eg, city) [Default City]:Bangalore
Organization Name (eg, company) [Default Company Ltd]
Organizational Unit Name (eg, section) []:BLOGSITE
Common Name (eg, your name or your server’s hostname) []
Email Address []

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
You can also create the private key and CSR file using single command. The command first generate the private key then it will generate the CSR.

# openssl req -new -newkey rsa:2048 -nodes -keyout -out
Now CSR has been generated successfully, use this file to order the SSL certificate.

Leave a Reply

Your email address will not be published. Required fields are marked *