Generate Certificate Signing Request (CSR) using OpenSSL

Generate Certificate Signing Request (CSR) using OpenSSL

A certificate signing request (CSR) is an encoded message which provided to the certificate authority (CA) in order to get an SSL certificate. This tutorial demonstrates how to generate a certificate signing request using OpenSSL.

The openssl req command can be used for generating certificate signing requests. For example, the following command generates the 2048-bit RSA private key and CSR:

openssl req -newkey rsa:2048 -nodes -keyout test.key -out test.csr -subj "/C=US/O=Test Company/OU=Test Organization Unit/CN=test.com"

The meaning of options:

  • -newkey rsa:2048 - creates a new certificate signing request and 2048-bit RSA private key.
  • -nodes - specifies that private key should be created without encryption.
  • -keyout test.key - specifies where private key should be saved.
  • -out test.csr - specifies where certificate signing request should be saved.
  • -subj "..." - allows to specify subject information for certificate signing request.

Meaning of fields specified in -subj line:

  • C - country name (2-letter code).
  • O - organization name.
  • OU - organizational unit name.
  • CN - common name (e.g. fully qualified domain name, IP address).

Leave a Comment

Cancel reply

Your email address will not be published.