A certificate signing request (CSR) is one of the essential steps before getting your SSL Certificate. Following are the steps on how to generate a CSR on a Linux-based server, where an OpenSSL is planned to be installed. Before we generate the CSR for a domain, we need to obtain the following information.
Common Name: The name of the domain in need of an SSL certificate.
Organization: The name of your organization/company
Organizational Unit: Affiliated department
1 Log into the terminal of your server
Please log into the server where you plan to install the certificate via Secure Shell (SSH).
2 Install OpenSSL
Please use the following commands to install OpenSSL tool if it has not been installed on your server.
yum install openssl -y (Centos)
apt install openssl -y (debian/ubuntu)
3 Create a private key and a CSR
Please use the following command to generate a private key and a CSR :
openssl req -new - newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
Note: Please replace the key and CSR name with your domain name that needs to create the CSR.
4 Enter the details of the CSR
CSR requires the following information
- Common Name: The domain that needs the CSR. Such as www.google.com.
- Organization: The name of your organization/ company.
- Organization Unit (OU): Affiliated department.
- City or Locality:
- State or Province:
- Country: The official two-letter country code (i.e. US, UK, IN) where your organization is legally
Note: You do not need to enter a password or passphrase. This optional field is for applying additional security to your key pair.
5 Check the CSR and private key
The CSR will be created after step 3.
Note: Please ensure that the private key will be saved. The private key is very important to create a pfx certificate or use the SSL certificate to web service of the Linux server.