How to Create SSL Certificate Signing Request (CSR) in Linux

CSR stands for ‘Certificate Signing Request’, that is generated on the server where the certificate will be used on. A CSR contains information about to your organization and domain name, locality, and country and public key that will be included in your certificate.

This article have 3 simple steps to create CSR (Certificate Signing Request) on Linux systems. You can choose one of below.

I. Single Command:

We can create a CSR using single command like below. But make sure you have installed openssl package on your system. The below command will first create private key and then generate CSR. This command will also required few details as input.

# openssl req -new -newkey rsa:2048 -nodes -keyout tecadmin.net.key  -out tecadmin.net.csr

II. Short Instructions:

Below are three simple command to generate csr. You may also use detailed instructions to do it.

# yum install openssl

# openssl genrsa -out tecadmin.net.key 2048

# openssl req -new -key tecadmin.net.key -out tecadmin.net.csr

III. Detailed Instructions:

Step 1: Install Required Packages.

In order to generate CSR you required OpenSSL to be installed on your system. If it is not already install use below command to install it.

# yum install openssl

Step 2: Generate Key for your Domain.

Firstly you required root access to generate key file. So login as root and use below command to generate key.

# openssl genrsa -out tecadmin.net.key 2048

Sample Output:

Generating RSA private key, 2048 bit long modulus
........................................+++
....................................................+++
e is 65537 (0x10001)

At the end of command it showing 2048, which is lengh of key in bits. Most of CA required 2048 bit lengh keys. Above command will create a key file tecadmin.net.key, which is used in step 3.

Step 3: Generate CSR for your Domain using Key.

After generating key, next steps is to generate CSR for the domain. Use below command to generate CSR file, This command will prompt for your organization and common name, locality, email and country. Common Name must be same as your domain name.

# openssl req -new -key tecadmin.net.key -out tecadmin.net.csr

Sample Output:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Uttar Pradesh
Locality Name (eg, city) [Default City]:Lucknow
Organization Name (eg, company) [Default Company Ltd]:TecAdmin Pvt Ltd
Organizational Unit Name (eg, section) []:BLOG
Common Name (eg, your name or your server's hostname) []:tecadmin.net
Email Address []:admin@tecadmin.net

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Above command will generate a file tecadmin.net.csr in current directory, Use this file to order your SSL from CA ( Certificate Authority ).