Categories
Apache DevOps HTTP Concepts linux Technology

Create CSR using OpenSSL

Before you can install a Secure Socket Layer (SSL) certificate, you must first generate a certificate signing request (CSR). 

OpenSSL

The following sections describe how to use OpenSSL to generate a CSR for a single host name. 

Install OpenSSL

Check whether OpenSSL is installed by using the following command:

CentOS® and Red Hat® Enterprise Linux®

rpm -qa | grep -i openssl

The following output provides an example of what the command returns:

openssl-1.0.1e-48.el6_8.1.x86_64
openssl-devel-1.0.1e-48.el6_8.1.x86_64
openssl-1.0.1e-48.el6_8.1.i686

Debian® and Ubuntu®

dpkg -l | grep openssl

The following output provides an example of what the command returns:

ii  libgnutls-openssl27:amd64           2.12.23-12ubuntu2.4              amd64        GNU TLS library - OpenSSL wrapper

ii  openssl                             1.0.1f-1ubuntu2.16               amd64        Secure Sockets Layer toolkit - cryptographic utility

If the preceding packages are not returned, install OpenSSL by running the following command:

CentOS and Red Hat

yum install openssl openssl-devel

Debian and Ubuntu

apt-get install openssl

Generate the RSA key

Run the following commands to create a directory in which to store your RSA key, substituting a directory name of your choice:

mkdir ~/domain.com.ssl/
cd ~/domain.com.ssl/

Run the following command to generate a private key:

openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048

Create a CSR

Run the following command to create a CSR with the RSA private key (output is in Privacy-Enhanced Mail (PEM) format):

openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr

When prompted, enter the necessary information for creating a CSR by using the conventions shown in the following table.

FieldMeaningExample
/C=CountryNL
/ST=StateNoord-Holland
/L=LocationAmstelveen
/O=OrganizationSwatantra Inc.
/OU=Organizational UnitSwatantra Solutions
/CN=Common Nameexample.domain.com

Verify your CSR

Run the following command to verify your CSR:

openssl req -noout -text -in ~/domain.com.ssl/domain.com.csr

After you have verified your CSR, you can submit it to a CA to purchase an SSL certificate.

'Coz sharing is caring

By Swatantra Kumar

Swatantra is an Open Source evangelist, a technologist and researcher. Professionally, he does software development, software architecture, server administration and project management. When he's not writing software, he enjoys building web entities and servers, reading about and working with new technologies, and trying to get his friends to make the move to open source software. He's written, co-written and published many articles in international journals, on various domains/topics including Open Source, Networks, Computer Organization, Mobile Technologies, and Business Intelligence. He made a proposal for an information management system at University level during graduation days.

One reply on “Create CSR using OpenSSL”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.