How to generate CSR in Linux

 
 

In this example we will explain how to generate CSR in Linux using shell prompt or terminal window. A CSR is mostly required when you want to secure for example a website or a connection between one or more services that requires a secure connection. Any SSL issuer will always ask you to generate and present a CSR. We’ve chose CentOS for this Certificate Signing Request example as our main operating system.

Required packages

First step is to make sure that we have openssl and openssl-devel packages installed and updated in order to generate our very first CSR. The package manager yum will facilitate our installation and update process. Lets start by running the following commands in our terminal window

$ yum install openssl openssl-devel
$ yum update openssl openssl-devel

Storing and location

Once we have both required packages installed and updated we can start with our second step where we need to create a directory, this directory will be required to store our output files

$ mkdir ~/dummy-domain.com.ssl/
$ cd ~/dummy-domain.com.ssl/

Generate private key

Having now our directory ready we can proceed to generate the private key as shown below

$ openssl genrsa -out ~/dummy-domain.com.ssl/dummy-domain.com.key 2048

Generate CSR

Using the above key we will be able now to generate CSR with the next command

$ openssl req -new -sha256 -key ~/dummy-domain.com.ssl/dummy-domain.com.key -out ~/dummy-domain.com.ssl/dummy-domain.com.csr

You will be asked to enter the details needed for CSR like shown in the example below

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:GB
State or Province Name (full name) []:London
Locality Name (eg, city) [Default City]:London
Organization Name (eg, company) [Default Company Ltd]:Dummy Company Ltd
Organizational Unit Name (eg, section) []:Tufora.com
Common Name (eg, your name or your server's hostname) []:dummy-domain.com
Email Address []:your-email@dummy-domain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Make sure that you are using the correct ISO country code and also ensure that in the Common Name field you are specifying your domain name as shown in our example above.

Copy CSR

Now that we have managed to generate our CSR is time to copy and make use of it using this command

$ cat ~/dummy-domain.com.ssl/dummy-domain.com.csr

Conclusion

In this quick tutorial we have learned how to generate CSR in Linux using shell prompt in just a few easy steps.

Video

No video posted for this page.

Screenshots

No screenshots posted for this page.

Source code

No code posted for this page.

About this page

Article
How to generate CSR in Linux
Author
Category
Published
24/01/2018
Updated
05/11/2018
Tags

Share this page

If you found this page useful please share it with your friends or colleagues.