This tutorial explains, how to generate Certificate Signing Request(CSR) for Linux.

 

Certificate Signing Request(CSR)

 

Certificate Signing Request(CSR) is a block of encoded text that is shared to Certificate Authority for purchasing or renewing an SSL Certificate for a Domain/Website.

In this tutorial, we will learn how to generate Certificate Signing Request(CSR) for Linux. When we generate CSR for Linux, we also generate a Private Key and that Private Key we need to keep safe with Us. The Private Key is needed when we Install the SSL Certificate on our Server after SSL Certificate is purchased.

We generate and share the CSR with the Certificate Authority for purchasing/renewing the SSL Certificate for our Website.

 

Read:  Git Install on Ubuntu/Centos/Amazon Linux/Windows

Also Read: What is DNS and how it works?

 

Generate Certificate Signing Request in Linux

 

Step 1- Install OpenSSL to generate CSR.

Check if OpenSSL is already installed by checking OpenSSL Version

  $ openssl version -a

   OpenSSL 1.1.1d 10 Sep 2022
    built on: Mon Feb 10 17:00:06 2020 UTC
    platform: linux-x86_64

If OpenSSL is not installed, please use the following command to install Openssl

  For Ubuntu/Debian

  $ sudo apt-get install openssl*

For Amazon Linux/Centos/RHEL

 $ sudo yum install openssl*

Step 2 – Generate CSR

Generate CSR using the following command. Change the name of your CSR and Private Key accordingly.

 $ openssl req -out devopsmyway.csr -new -newkey rsa:2048 -nodes -keyout devopsmyway.private.key

The following screen will appear. Provide the required details as follows:

Generating a RSA private key
………………………….+++++
..+++++
writing new private key to ‘devopsmyway.private.key’
—-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—-
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:DL
Locality Name (eg, city) []:DELHI
Organization Name (eg, company) [Internet Widgits Pty Ltd]:DEVOPSMYWAY PVT. LTD.
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:devopsmyway.com
Email Address []:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Note:  If you want Wild Card SSL Certificate for your domain. Put *.domainname (e.g-  *.devopsmyway.com) in the Common Name

Step 3 –  Get your CSR and Private Key

As soon as you generate your CSR from the above command two files will we generated with .csr and .key extension.

List CSR file using LS command

 $ ls  

devopsmyway.csr         devopsmyway.private.key

Step 4 – Verify if CSR is generated properly.

Use cat command to see the content of  CSR

 $ cat devopsmyway.csr

-----BEGIN CERTIFICATE REQUEST-----
MIICtjCCAZ4CAQAwcTELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAkRMMQ4wDAYDVQQH
DAVERUxISTEeMBwGA1UECgwVREVWT1BTTVlXQVkgUFZULiBMVEQuMQswCQYDVQQL
DAJJVDEYMBYGA1UEAwwPZGV2b3BzbXl3YXkuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0TYKp5mW1O5TIrsJegeT0OXNfwaEqibQZJqYzubeUTOY
3/COjZha1ELKOmhUuPiRhr0L43lLkBbLhu3sYhn9xZ2DjaCGz67sP/AxCFuoT4Dq
yYz3aTyMWZZzcjyIktfMTujQylpy/Q1uZ6ZHi7/H95e3/3Lo3ZxWN4R0fgpACg7F
5NTZMBycbV4tjvFna3/J71How2LIpe6S/7dKyEoGtrqxB03/5qvU9cEoQ3DatB0v
BeTPtrJCi3vMGCV25CPuvck09enJONSKOv9ElU8Bm0UBbX85g3diz9ebABBh6/n1
qSf4DaKtpNwnMgsbQJzM2JVY24IZPhgp8Sq2Qk8A4wIDAQABoAAwDQYJKoZIhvcN
AQELBQADggEBABGDxgByL1Dlht44RV0w/Cffdgd5GkRbPyh5DwrzJx5EH8LeSsut
Gsq3QYi/rmAxZsw+1IJnEPE682iqMB9WZRILQO5i6MC9H+Xj4TfzTNsVGTDUn6q4
1nZakzXUU6iHN54UL8p/HExm3Dd/RBlLs+iIe4NDQb8EwtXV83ohSoSyKUX6+lTX
2EMqqD9gyQUtDGTPmdDlVzRGDyiUVoI9jOMz6fn8eTcZcaQOWpGJ6eWGSGpQjILP
geEl+DL2TqK58hZZC66YFGQMkRG1pyOOvPh9Dx/AxUJIwk/xEuK9dvn8Mn56Zc7B
YzQeqXi01i2uOvksp2pgkEPooKszdDn6HCQ=
-----END CERTIFICATE REQUEST-----

Open the following link and paste the content of CSR to see if CSR is generated properly

https://www.sslshopper.com/csr-decoder.html

 

Step 5 –  Keep your Private key file safely and don’t share it with anyone. You will need this Private Key at the time of SSL Certificate Installation. Share the CSR file to Certificate Authority to generate or Renew SSL Certificate for your Website.

Click to Tweet this tip!

I hope you enjoyed this tutorial and learned about “how to generate certificate signing request(CSR) in Linux”. If you think this is really helpful, please do share this article with others as well. Please also share your valuable feedback, comment, or any query in the comment box. I will really happy to resolve your all queries any.

Thank You