How to generate certificate signing request(CSR) in Linux
This tutorial explains, how to generate Certificate Signing Request(CSR) for Linux.
Certificate Signing Request(CSR)
Certificate Signing Request(CSR) is a block of encoded text that is shared to Certificate Authority for purchasing or renewing an SSL Certificate for a Domain/Website.
In this tutorial, we will learn how to generate Certificate Signing Request(CSR) for Linux. When we generate CSR for Linux, we also generate a Private Key and that Private Key we need to keep safe with Us. The Private Key is needed when we Install the SSL Certificate on our Server after SSL Certificate is purchased.
We generate and share the CSR with the Certificate Authority for purchasing/renewing the SSL Certificate for our Website.
Also Read: What is DNS and how it works?
Generate Certificate Signing Request in Linux
Step 1- Install OpenSSL to generate CSR.
Check if OpenSSL is already installed by checking OpenSSL Version
$ openssl version -a
OpenSSL 1.1.1d 10 Sep 2022
built on: Mon Feb 10 17:00:06 2020 UTC
If OpenSSL is not installed, please use the following command to install Openssl
$ sudo apt-get install openssl*
For Amazon Linux/Centos/RHEL
$ sudo yum install openssl*
Step 2 – Generate CSR
Generate CSR using the following command. Change the name of your CSR and Private Key accordingly.
$ openssl req -out devopsmyway.csr -new -newkey rsa:2048 -nodes -keyout devopsmyway.private.key
The following screen will appear. Provide the required details as follows:
Generating a RSA private key
writing new private key to ‘devopsmyway.private.key’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:DL
Locality Name (eg, city) :DELHI
Organization Name (eg, company) [Internet Widgits Pty Ltd]:DEVOPSMYWAY PVT. LTD.
Organizational Unit Name (eg, section) :IT
Common Name (e.g. server FQDN or YOUR name) :devopsmyway.com
Email Address :
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password :
An optional company name :
Note: If you want Wild Card SSL Certificate for your domain. Put *.domainname (e.g- *.devopsmyway.com) in the Common Name
Step 3 – Get your CSR and Private Key
As soon as you generate your CSR from the above command two files will we generated with .csr and .key extension.
List CSR file using LS command
Step 4 – Verify if CSR is generated properly.
Use cat command to see the content of CSR
$ cat devopsmyway.csr
-----BEGIN CERTIFICATE REQUEST----- MIICtjCCAZ4CAQAwcTELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAkRMMQ4wDAYDVQQH DAVERUxISTEeMBwGA1UECgwVREVWT1BTTVlXQVkgUFZULiBMVEQuMQswCQYDVQQL DAJJVDEYMBYGA1UEAwwPZGV2b3BzbXl3YXkuY29tMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA0TYKp5mW1O5TIrsJegeT0OXNfwaEqibQZJqYzubeUTOY 3/COjZha1ELKOmhUuPiRhr0L43lLkBbLhu3sYhn9xZ2DjaCGz67sP/AxCFuoT4Dq yYz3aTyMWZZzcjyIktfMTujQylpy/Q1uZ6ZHi7/H95e3/3Lo3ZxWN4R0fgpACg7F 5NTZMBycbV4tjvFna3/J71How2LIpe6S/7dKyEoGtrqxB03/5qvU9cEoQ3DatB0v BeTPtrJCi3vMGCV25CPuvck09enJONSKOv9ElU8Bm0UBbX85g3diz9ebABBh6/n1 qSf4DaKtpNwnMgsbQJzM2JVY24IZPhgp8Sq2Qk8A4wIDAQABoAAwDQYJKoZIhvcN AQELBQADggEBABGDxgByL1Dlht44RV0w/Cffdgd5GkRbPyh5DwrzJx5EH8LeSsut Gsq3QYi/rmAxZsw+1IJnEPE682iqMB9WZRILQO5i6MC9H+Xj4TfzTNsVGTDUn6q4 1nZakzXUU6iHN54UL8p/HExm3Dd/RBlLs+iIe4NDQb8EwtXV83ohSoSyKUX6+lTX 2EMqqD9gyQUtDGTPmdDlVzRGDyiUVoI9jOMz6fn8eTcZcaQOWpGJ6eWGSGpQjILP geEl+DL2TqK58hZZC66YFGQMkRG1pyOOvPh9Dx/AxUJIwk/xEuK9dvn8Mn56Zc7B YzQeqXi01i2uOvksp2pgkEPooKszdDn6HCQ= -----END CERTIFICATE REQUEST-----
Open the following link and paste the content of CSR to see if CSR is generated properly
Step 5 – Keep your Private key file safely and don’t share it with anyone. You will need this Private Key at the time of SSL Certificate Installation. Share the CSR file to Certificate Authority to generate or Renew SSL Certificate for your Website.
Click to Tweet this tip!
I hope you enjoyed this tutorial and learned about “how to generate certificate signing request(CSR) in Linux”. If you think this is really helpful, please do share this article with others as well. Please also share your valuable feedback, comment, or any query in the comment box. I will really happy to resolve your all queries any.