Generate CSR with OpenSSL
There are many ways to generate a CSR (Certificate Signing Request). In this post, I will show you step-by-step how to generate a CSR using OpenSSL.
Prerequisites
- OpenSSL binary installed. You can find the OpenSSL binaries on the OpenSSL wiki.
The Process
- Create a working directory.
I will be using C:\SSL as my working directory.
- Open a command line. You can use Linux or Windows. The commands are the same regardless of which OS you are using.
I will be using Microsoft Windows with Windows Terminal and PowerShell.
- We will use the following options to create our OpenSSL command.
  - req to let OpenSSL know that we want to make a CSR.
  - -newkey to tell OpenSSL that we want a new private key.
  - rsa:2048 to tell OpenSSL that the new private key should be a 2048-bit RSA key.
  - -keyout to tell OpenSSL where to save the private key.
  - -out to tell OpenSSL where to save the CSR.
- Using those options, we can create the OpenSSL command to generate a new private key and create the CSR. Replace PATH_TO_KEY and PATH_TO_CSR with the location where you want the private key and CSR saved.
openssl req -newkey rsa:2048 -keyout PATH_TO_KEY -out PATH_TO_CSR
In my example, I will name my private key private.key, and my CSR will be named csr. The command for me will look like openssl req -newkey rsa:2048 -keyout private.key -out csr
- Enter a password that will be used to encrypt your private key.
Technically, you can create a private key without a password using the option -noenc, which leaves the key file unencrypted on disk.
- Next, we need to provide information about the certificate.
- Country Name is the two-letter country code of the country where the business resides.
- State or Province Name is the full State or Province where the business resides. No abbreviations.
- Locality Name is the city where the business resides.
- Organization Name is usually the business name.
- Organizational Unit Name is which department the certificate will be used by. I typically just use IT for it.
- Common Name is what the SSL certificate will be generated for.
Those are usually the bare minimum requirements for most SSL vendors. Some CAs (Certificate Authorities) may need more information. If they do, they usually list what else is required.
You have now generated a CSR. You can provide the CSR to your SSL vendor or CA.
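Before handing the CSR over, it is worth confirming that it is well-formed and belongs to the private key you kept. The script below is an added example, not part of the original post: it runs the same openssl req command non-interactively (subject passed with -subj, passphrase read from the KEY_PASS environment variable) and then checks the result. The subject values, the passphrase and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: generate a CSR non-interactively, then sanity-check it
# before sending it to a CA. Subject values and passphrase are constructed.

# make_csr KEY CSR SUBJECT: the command from the post, with the subject
# supplied via -subj and the key passphrase read from $KEY_PASS.
make_csr() {
    openssl req -newkey rsa:2048 -keyout "$1" -out "$2" \
        -subj "$3" -passout env:KEY_PASS 2>/dev/null
}

# check_csr KEY CSR: succeeds only if the CSR's self-signature verifies
# and the public key inside the CSR belongs to the given private key.
check_csr() {
    # Match on the message text: it ends in "verify OK" across OpenSSL versions.
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# csr_subject CSR: print the subject fields the CA will see.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

export KEY_PASS='constructed-demo-passphrase'   # demo value only
workdir=$(mktemp -d)
make_csr "$workdir/private.key" "$workdir/csr" \
    '/C=US/ST=Ohio/L=Columbus/O=Example Corp/OU=IT/CN=www.example.com'
if check_csr "$workdir/private.key" "$workdir/csr"; then
    echo "CSR OK: $(csr_subject "$workdir/csr")"
else
    echo "CSR does not match private key" >&2
fi
```

The key/CSR comparison catches the common mistake of submitting a CSR generated from a different key than the one installed on the server.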