How do I create a CSR? (OpenSSL)

Depending on the operating system you are working on, there are different procedures to follow.

For Mac or Linux:

  1. Open a terminal window.
  2. Create a directory to store the CSR and private key, for example using the command: mkdir ~/ssl
  3. Change to the newly created directory: cd ~/ssl
  4. Generate a private key using the command: <openssl genrsa -out example.com.key 2048> (replace "example.com" with your domain name)
  5. Generate a CSR using the command: <openssl req -new -key example.com.key -out example.com.csr> (again, replace "example.com" with your domain name)
  6. Answer the questions listed to provide the information for your certificate.

For Windows:

  1. Download and install OpenSSL from a trusted source.
  2. Open a command prompt (cmd).
  3. Navigate to the OpenSSL directory where the exe file is stored.
  4. Generate a private key using the command: <openssl genrsa -out example.com.key 2048> (replace "example.com" with your domain name)
  5. Generate a CSR using the command: <openssl req -new -key example.com.key -out example.com.csr> (again, replace "example.com" with your domain name)
  6. Answer the questions listed to provide the information for your certificate.

Note that you must securely store the created files as you will need the private key later to install your certificate.

Please note that you should not use umlauts in your input.


The questions to be answered are:

  • Country Name (2 letter code): Enter the ISO country code in uppercase letters, for example: DE. A list of ISO country codes can be found at: ISO.
  • State or Province: Enter the state or province, for example: Bayern.
  • Locality or City: Enter your city, for example: Muenchen.
  • Company: Enter your company name including legal form. Only the following special characters are allowed: - . *. If the name contains another special character, please omit it or spell it out. For example, instead of "A & B GmbH", enter "A und B GmbH" or "AB GmbH".
  • Organizational Unit: Here you can specify the department for which the certificate is ordered. The entry is optional. To skip the field, press the Enter key.
  • Common Name: Enter the domain/subdomain for which the certificate is to be issued under "Common Name", for example: www.domain.com. If you are ordering a certificate for a domain with umlauts, please enter the domain name as an ACE string.
  • Email Address: Enter your email address.
  • Please leave the fields "A challenge password" and "An optional company name" blank.
  • You can verify the entered data, if necessary, with the following command: <openssl req -noout -text -in www.domain.com.csr>

More Information