How to generate CSR in Linux
In this example we will explain how to generate CSR in Linux using shell prompt or terminal window. A CSR is mostly required when you want to secure for example a website or a connection between one or more services that requires a secure connection. Any SSL issuer will always ask you to generate and present a CSR. We’ve chose CentOS for this Certificate Signing Request example as our main operating system.
Required packages
First step is to make sure that we have openssl
and openssl-devel
packages installed and updated in order to generate our very first CSR. The package manager yum
will facilitate our installation and update process. Lets start by running the following commands in our terminal window
$ yum install openssl openssl-devel
$ yum update openssl openssl-devel
Storing and location
Once we have both required packages installed and updated we can start with our second step where we need to create a directory, this directory will be required to store our output files
$ mkdir ~/dummy-domain.com.ssl/
$ cd ~/dummy-domain.com.ssl/
Generate private key
Having now our directory ready we can proceed to generate the private key as shown below
$ openssl genrsa -out ~/dummy-domain.com.ssl/dummy-domain.com.key 2048
Generate CSR
Using the above key we will be able now to generate CSR with the next command
$ openssl req -new -sha256 -key ~/dummy-domain.com.ssl/dummy-domain.com.key -out ~/dummy-domain.com.ssl/dummy-domain.com.csr
You will be asked to enter the details needed for CSR like shown in the example below
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:GB
State or Province Name (full name) []:London
Locality Name (eg, city) [Default City]:London
Organization Name (eg, company) [Default Company Ltd]:Dummy Company Ltd
Organizational Unit Name (eg, section) []:Tufora.com
Common Name (eg, your name or your server's hostname) []:dummy-domain.com
Email Address []:your-email@dummy-domain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Make sure that you are using the correct ISO country code and also ensure that in the Common Name
field you are specifying your domain name as shown in our example above.
Copy CSR
Now that we have managed to generate our CSR is time to copy and make use of it using this command
$ cat ~/dummy-domain.com.ssl/dummy-domain.com.csr
Conclusion
In this quick tutorial we have learned how to generate CSR in Linux using shell prompt in just a few easy steps.