How do I create a CSR? (OpenSSL)

Christian Rohlof
2021-06-24 14:01

Generate the private key

  • Change to the directory where you want to store the private key.
  • To create a private key, execute the command below.
    "www.domain.com.key" is an example for the file name. Choose a filename here that you can later reassign to the page:
    openssl genrsa -out www.domain.com.key 4096

Create CSR

To create a CSR, OpenSSL is required, which is included in the OpenSSL package. Normally it is installed in " /usr/local/ssl/bin".

  • Change to the directory where you want to save the SSL certificate.
  • To create the CSR, run the following command.
    When doing so, match "www.domain.com.key" to the file name of your private key and replace "www.domain.com.csr" with a file name for the CSR file:
    openssl req -new -key www.domain.com.key -sha256 -out www.domain.com.csr
  • You will then be asked to enter some information for the certificate request. This information will also be displayed later in the certificate. Certificates with domain validation are an exception. There, only the country and the domain name appear later in the certificate.

Please do not use umlauts in your input.

  • Country Name (2 letter code): Enter the ISO country code in capital letters here, for example: DE.
    A list of ISO country codes can be found here. --->
    ISO
  • State or Province: Enter the state, for example: Bavaria
  • Locality or City: Enter your city here, for example: Muenchen
  • Company: Enter your company name including legal form. Only the following special characters are allowed: - . *. If the name contains another special character, please leave out the character or write it out. For example, instead of "A & B GmbH" enter "A and B GmbH" or "AB GmbH".
  • Organizational Unit: Here you can specify the department for which the certificate is ordered. The specification is optional. To skip the field, press the Enter key.
  • Common Name: For "Common Name", enter the domain/subdomain for which the certificate is to be issued, for example: www.domain.com.
  • If you are ordering a certificate for an umlaut domain, please enter the domain name as an ACE string.
  • Email Address: Enter your email address.
  • Please leave the fields "A challenge password" and "An optional company name" empty.
  • If necessary, you can check the entered data with the following command:
    openssl req -noout -text -in www.domain.com.csr

More Information

Instructions as video: YouTube

Tags: CSR, Hosting, SSL
Average rating: 0 (0 Votes)

You cannot comment on this entry