Search Our Database

Introduction

A CSR (Certificate Signing Request) is a block of encoded text given to a Certificate Authority when applying for an SSL Certificate. It contains the public key that will be included in the certificate. When generating the CSR, a private key is usually created at the same time, forming a key pair.

Prerequisites

• Domain Name
• Country Code
• State or Province Name
• City
• Organization Name
• Common Name
• Email Address
  

Step-by-step Guide

Step 1: Creating a Private Key and Certificate Signing Request (CSR)

1. SSH into your Linux server.
2. Run the following command to generate a 4096-bit RSA private key and CSR:

openssl req -newkey rsa:4096 -nodes -keyout www.example.domain.key -out www.example.domain.csr

3. You will be prompted to enter several details. Fill in the required information:

[root@server ~]# openssl req -newkey rsa:4096 -nodes -keyout www.example.domain.key -out www.example.domain.csr
Generating a 4096-bit RSA private key
....................................................+++
..................+++
Writing new private key to 'www.example.domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is called a Distinguished Name or DN.
There are quite a few fields, but some can be left blank.
For some fields, there will be a default value.
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: MY
State or Province Name (full name) []: Selangor
Locality Name (eg, city) [Default City]: Bangsar
Organization Name (eg, company) [Default Company Ltd]: MyCompany Ltd
Organizational Unit Name (eg, section) []: 
Common Name (eg, your server's hostname) []: www.example.domain
Email Address []: admin@example.com

Please enter the following 'extra' attributes to be sent with your certificate request:
A challenge password []: 
An optional company name []: 

Step 2: Verifying the CSR and Preparing for SSL Certificate Submission

1. Verify the CSR by running the following command:

cat www.example.domain.csr

Example output:

-----BEGIN CERTIFICATE REQUEST-----
MIICuzCCAaMCAQAwdjELMAkGA1UEBhMCTVkxETAPBgNVBAgMCFNlbGFuZ29yMRAw
DgYDVQQHDAdCYW5nc2FyMRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMSQw
IgYDVQQDDBtsaW5rMS5haWFteWlwb3Nkb3dubG9hZC5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDySSqK7DMWXYzjxecWiOrtAsp3ffZ4cjJuaa35
W248BP911kmwoCMUNIdG4iTsmtIbPS8y5VnkAK9z94p+Mz0ILkPsdi8rP1YTNkfW
6wp333wpSeW/Epnrt16rkkb73S8vo5dfnp3cFDueQvSi8KdKR3YX5Rw8ovrNN5Mb
TscMOA43sVB81iGJMpCqsTd6XoGGqhZDM8ydPxgmvKwiuN1b+dBACaMyUHFKqtPf
TGU8a3LyFfpV1wYfUtNZsQkDxZBxxegbdxmaeVJLmgeRE9O9Rr+dVRR/lLvVdPtg
LWmLi+12euhf3hzd/fGhkk6cavElOjSR8lTrzSrJXkyeryHLAgMBAAGgADANBgkq
hkiG9w0BAQUFAAOCAQEA8MiL9/q+i31x2MGXw1SigE38RTgQ36MeMCUrfsReZQ1u
TVZrbaYXfMFpm3VVD7QY+z/xHTSzO3VGWTN5ScqH+QMeadP56cXZx1yqZIe4bHoV
yGb48nhAeJSFloRiG+h/K5oMeuiXvupHg739HAiOrUKPm4GtgLJsprcH5II79DMB
Fme3Zyl5td1Sz+nByyaRhbD4EEUe6OvSqmYB6JjSqCBUgDlZSpUCUA4V1O1pHGmI
xIpYWnEgqbfU0hyZocWep5rZ0v/xwCcvUDjHNprW4Re9qMKYjeZw4s9Bs8YCd8vL
XKCzaTp2Z/p0yeSWhxPfhs3Z0nJbBMhC0Vx/xX8N/A==
-----END CERTIFICATE REQUEST-----

2. You now have your CSR ready with a 4096-bit RSA key, which you can submit to a Certificate Authority (CA) to obtain your SSL certificate.

Conclusion

Generating a CSR on a Linux server is an essential step in obtaining an SSL certificate, which secures the communication between your server and its clients. By creating a CSR, you provide the Certificate Authority (CA) with the information it needs to authenticate your domain and organization. Remember to keep your private key secure, as it works with the SSL certificate to encrypt and decrypt data. Once you’ve submitted the CSR to the CA and received the SSL certificate, you can install it on your server to enhance the security and trustworthiness of your website.

For additional assistance or if you encounter any issues, please contact our support team at support@ipserverone.com

Article posted 15 July 2022 by Nicholas Khoo.