Ensure your Linux, UNIX operating system is installed with the OpenSSL utility tool. The overall steps are really simple and once the CSR is generated, you can use it to apply the SSL certificate from any of the CA (Certificate Authority).
Step 1: Use below openssl command. Please be noted that, below command will generate both files in the current working directory. You can specify the location or jump to your desire directory before executing the command.
- CSR_FILE.csr : This is the CSR file
- PRIVATE_FILE.key : This is the private key file
openssl req -new -newkey rsa:2048 -nodes -out CSR_FILE.csr -keyout PRIVATE_FILE.key
Some information message on the CSR creation. No action needed here.
Generating a 2048 bit RSA private key
..........................................+++
.....+++
writing new private key to 'PRIVATE_FILE.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Step 2: At here, you will have to fill in all the necessary information required.
- The country 2 letter code name, example, Malaysia = MY
Country Name (2 letter code) [XX]:MY
- The state or the province name.
State or Province Name (full name) []:Kelantan
- The city
Locality Name (eg, city) [Default City]:Pasir Mas
- The company name
Organization Name (eg, company) [Default Company Ltd]:KEEM Enterprise
- The OU name
Organizational Unit Name (eg, section) []:KEEM
- The CN name
Common Name (eg, your name or your server's hostname) []:keem.org
- The email address
Email Address []:gapo@keem.org
- Some extra information on password and company name. If you maintain the password, please keep the password safely as you might need it in future for SSL certificate application and renewal.
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Password123
An optional company name []: KEEM
Step 3: Once completed, you will see 2 files generated as below
CSR_FILE.csr
PRIVATE_FILE.key
Step 4: If you open the CSR file, you will see something similar as below. It’s now done and you can use it to apply for SSL certificate.
# more CSR_FILE.csr
-----BEGIN CERTIFICATE REQUEST-----
UdIoC7V8Lq4XakSq2LMAkGA1UEBhMCU0cxDzANBgNVBAgMBkp1cm9uZzERMA8G
A1UEBwwIS2VsYW50YW4xDDAKBgNVBAoMA0JIUDERMA8GA1UECwwIQkhQQkhQCAgx
EjAQBgNVBAMMCWJocHBwLmNvbTEWMBQGCSqGSIb3DQEJARYHYWJjLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM2IUgp/LhCYjOUHCEudlQ9pHyH/
wSZ+FQ99EGugalYJs8Nyes5fPLdCWjtYx9IcF0dhgQAlUEuDE+nJWA5aFJ3RA1xX
hhuHZxAPn+BUY0eKlHa6gAyMFUdIoC7V8Lq4XakSq2Tq39x5uRMRsyoD5RwE3BUc
Z98BrJt3eB4SfIaEf3TWZVx4JR2yAgmiDEuF7PiZS5oLCBuYDVHCfavvsCdjF9Iv
iooUe0fpM6o1JjGOUqY/LSUA2DoxVZ16x+nusgS8nIeOLRp7HbB8stvTt2KF9unY
sDVJONbNhPGcUtlxmNfdksjfdjfld939-;l,2-;994jjmfl8KdO3kRG6OB8CAwEA
AaAYMBYGCSqGSIb3DQEJBzEJDAdhYEuF7PiZS5oLCBuYDVHCfGSIb3DQEBCwUAA4
5VGB25HpQY+iO5YNnKh9OZI3Ivh90nPInY46Egs4kgaGkNs7fYdnoNRUBzTeFdIp
JpCtjMt1XgJyD+J4UpdrBPbK8lFdkidd65JF2Q/R5YYVVJySJ0jl7ufeW/24fsaf
aG1SSh0e8NlZp8dGfRRqjkGyvZ15zqro0Mev1AfueWqLaaPsDK5PVdtH0nwAOO2z
f2zdVg2b6NP/GBzdiHAGfEX/iL9m0kn9FojBjzW4WMQV4dlt7Pyl65R41aPUhGXD
Q/R5YYVVJyws8tTw4tBNSE8GJLu9MKg25sYWuxoHXoPwk/qyoCL6v3A6ikoS0M1/
mmXKs33ePexPQ1aEsWjqIBAQC7
-----END CERTIFICATE REQUEST-----
