A certificate signing request (CSR) is an encoded message which provided to the certificate authority (CA) in order to get an SSL certificate. This tutorial demonstrates how to generate a certificate signing request using OpenSSL.
The openssl req command can be used for generating certificate signing requests. For example, the following command generates the 2048-bit RSA private key and CSR:
openssl req -newkey rsa:2048 -nodes -keyout test.key -out test.csr -subj "/C=US/O=Test Company/OU=Test Organization Unit/CN=test.com"The meaning of options:
-newkey rsa:2048- creates a new certificate signing request and 2048-bit RSA private key.-nodes- specifies that private key should be created without encryption.-keyout test.key- specifies where private key should be saved.-out test.csr- specifies where certificate signing request should be saved.-subj "..."- allows to specify subject information for certificate signing request.
Meaning of fields specified in -subj line:
C- country name (2-letter code).O- organization name.OU- organizational unit name.CN- common name (e.g. fully qualified domain name, IP address).
Leave a Comment
Cancel reply