How to generate CSR in Linux
In this example we will explain how to generate CSR in Linux using shell prompt or terminal window. A CSR is mostly required when you want to secure for example a website or a connection between one or more services that requires a secure connection. Any SSL issuer will always ask you to generate and present a CSR. We’ve chose CentOS for this Certificate Signing Request example as our main operating system.
First step is to make sure that we have
openssl-devel packages installed and updated in order to generate our very first CSR. The package manager
yum will facilitate our installation and update process. Lets start by running the following commands in our terminal window
$ yum install openssl openssl-devel $ yum update openssl openssl-devel
Storing and location
Once we have both required packages installed and updated we can start with our second step where we need to create a directory, this directory will be required to store our output files
$ mkdir ~/dummy-domain.com.ssl/ $ cd ~/dummy-domain.com.ssl/
Generate private key
Having now our directory ready we can proceed to generate the private key as shown below
$ openssl genrsa -out ~/dummy-domain.com.ssl/dummy-domain.com.key 2048
Using the above key we will be able now to generate CSR with the next command
$ openssl req -new -sha256 -key ~/dummy-domain.com.ssl/dummy-domain.com.key -out ~/dummy-domain.com.ssl/dummy-domain.com.csr
You will be asked to enter the details needed for CSR like shown in the example below
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:GB State or Province Name (full name) :London Locality Name (eg, city) [Default City]:London Organization Name (eg, company) [Default Company Ltd]:Dummy Company Ltd Organizational Unit Name (eg, section) :Tufora.com Common Name (eg, your name or your server's hostname) :dummy-domain.com Email Address :email@example.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
Make sure that you are using the correct ISO country code and also ensure that in the
Common Name field you are specifying your domain name as shown in our example above.
Now that we have managed to generate our CSR is time to copy and make use of it using this command
$ cat ~/dummy-domain.com.ssl/dummy-domain.com.csr
In this quick tutorial we have learned how to generate CSR in Linux using shell prompt in just a few easy steps.