How to generate CSR and private key for SSL certificates



To get SSL certificate from certificate authority, CSR (Certificate Signing Request) and private key are required. In this small tutorial, we will see how to generate them easily on your Linux box.

How to generate CSR and key

On your Linux terminal enter a below command. Make sure to replace mydomain.key and mydomain.csr with your own filenames.

openssl req -newkey rsa:2048 -nodes -keyout -out

Now OpenSSL program will ask few details. Provide them as per your requirement. You can skip last 2 attributes (or even more).

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Andhra Pradesh
Locality Name (eg, city) []:Hyderabad
Organization Name (eg, company) [Internet Widgits Pty Ltd]:LaymanClass
Organizational Unit Name (eg, section) []:Product Development
Common Name (e.g. server FQDN or YOUR name) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:     
An optional company name []:

Now OpenSSL will generate two files and in current directory. You can now get SSL certificates from your certificate authority by providing them your newly generated CSR.

Hope this help you ! Stay awesome !

Leave a Reply