Create CSR using OpenSSL

Before you can install a Secure Socket Layer (SSL) certificate, you must first generate a certificate signing request (CSR). 


The following sections describe how to use OpenSSL to generate a CSR for a single host name. 

Install OpenSSL

Check whether OpenSSL is installed by using the following command:

CentOS® and Red Hat® Enterprise Linux®

rpm -qa | grep -i openssl

The following output provides an example of what the command returns:


Debian® and Ubuntu®

dpkg -l | grep openssl

The following output provides an example of what the command returns:

ii  libgnutls-openssl27:amd64           2.12.23-12ubuntu2.4              amd64        GNU TLS library - OpenSSL wrapper

ii  openssl                             1.0.1f-1ubuntu2.16               amd64        Secure Sockets Layer toolkit - cryptographic utility

If the preceding packages are not returned, install OpenSSL by running the following command:

CentOS and Red Hat

yum install openssl openssl-devel

Debian and Ubuntu

apt-get install openssl

Generate the RSA key

Run the following commands to create a directory in which to store your RSA key, substituting a directory name of your choice:

mkdir ~/
cd ~/

Run the following command to generate a private key:

openssl genrsa -out ~/ 2048

Create a CSR

Run the following command to create a CSR with the RSA private key (output is in Privacy-Enhanced Mail (PEM) format):

openssl req -new -sha256 -key ~/ -out ~/

When prompted, enter the necessary information for creating a CSR by using the conventions shown in the following table.

/O=OrganizationSwatantra Inc.
/OU=Organizational UnitSwatantra Solutions

Verify your CSR

Run the following command to verify your CSR:

openssl req -noout -text -in ~/

After you have verified your CSR, you can submit it to a CA to purchase an SSL certificate.

'Coz sharing is caring

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.