CSR stands for ‘Certificate Signing Request’, that is generated on the server where the certificate will be used on. A CSR contains information about your organization and domain name, locality, and country and a public key that will be included in your certificate.
This article has 3 methods to create CSR (Certificate Signing Request) on Linux systems. You can choose any one of the below methods. All methods will do the same task, only they have a detailed explanation.
Method 1 – Generate CSR Using Single Line Command
We can create CSR using a single command like the one below. But make sure you have installed the OpenSSL package on your system. The below command will first create a private key and then generate CSR. This command will also require a few details as input.
openssl req -new -newkey rsa:2048 -nodes -keyout tecadmin.net.key -out tecadmin.net.csr
Method 2 – Short Instructions to Generate CSR
Below are three simple commands to generate CSR. You may also use detailed instructions to do it.
sudo yum install openssl## Redhat based systems sudo dnf install openssl## Fedora systems sudo apt install openssl## Debian based systems
openssl genrsa -out tecadmin.net.key 2048
openssl req -new -key tecadmin.net.key -out tecadmin.net.csr
Method 3 – Detailed Instructions to Generate CSR
Step 1: Install Required Packages
In order to generate CSR, you required OpenSSL to be installed on your system. If it is not already installed use the below command to install it.
sudo yum install openssl## Redhat based systems sudo dnf install openssl## Fedora systems sudo apt-get install openssl## Debian based systems
Step 2: Generate Key for your Domain.
Firstly you required root access to generate a key file. So login as root and use the below command to generate a key.
openssl genrsa -out tecadmin.net.key 2048
Sample output:
Generating RSA private key, 2048 bit long modulus ........................................+++ ....................................................+++ e is 65537 (0x10001)
At the end of the command, it shows 2048, which is the length of the key in bits. Most CA required 2048-bit length keys. The above command will create a key file tecadmin.net.key, which is used in step 3.
Step 3: Generate CSR for your Domain using Key
After generating a key, the next steps are to generate CSR for the domain. Use the below command to generate the CSR file, This command will prompt for your organization and common name, locality, email, and country. The common Name must be the same as your domain name.
openssl req -new -key tecadmin.net.key -out tecadmin.net.csr
Sample Output:
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]: IN State or Province Name (full name) []: Uttar Pradesh Locality Name (eg, city) [Default City]: Lucknow Organization Name (eg, company) [Default Company Ltd]: TecAdmin Pvt Ltd Organizational Unit Name (eg, section) []: BLOG Common Name (eg, your name or your server's hostname) []: tecadmin.net Email Address []: [email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
The above command will generate a file
References:
http://wiki.centos.org/HowTos/Https
http://www.centos.org/docs/4/4.5/System_Administration_Guide/Apache_HTTP_Secure_Server_Configuration-Generating_a_Key.html
1 Comment
Oneliner
openssl req -new -newkey rsa:2048 -nodes -keyout domain.com.key -out domain.com.csr