How to generate certificate signing request(CSR) in Linux

This tutorial explains, how to generate Certificate Signing Request(CSR) for Linux.


Certificate Signing Request(CSR)


Certificate Signing Request(CSR) is a block of encoded text that is shared to Certificate Authority for purchasing or renewing an SSL Certificate for a Domain/Website.

In this tutorial, we will learn how to generate Certificate Signing Request(CSR) for Linux. When we generate CSR for Linux, we also generate a Private Key and that Private Key we need to keep safe with Us. The Private Key is needed when we Install the SSL Certificate on our Server after SSL Certificate is purchased.

We generate and share the CSR with the Certificate Authority for purchasing/renewing the SSL Certificate for our Website.


Read:  Git Install on Ubuntu/Centos/Amazon Linux/Windows

Also Read: What is DNS and how it works?


Generate Certificate Signing Request in Linux


Step 1- Install OpenSSL to generate CSR.

Check if OpenSSL is already installed by checking OpenSSL Version

  $ openssl version -a

   OpenSSL 1.1.1d 10 Sep 2022
    built on: Mon Feb 10 17:00:06 2020 UTC
    platform: linux-x86_64

If OpenSSL is not installed, please use the following command to install Openssl

  For Ubuntu/Debian

  $ sudo apt-get install openssl*

For Amazon Linux/Centos/RHEL

 $ sudo yum install openssl*

Step 2 – Generate CSR

Generate CSR using the following command. Change the name of your CSR and Private Key accordingly.

 $ openssl req -out devopsmyway.csr -new -newkey rsa:2048 -nodes -keyout devopsmyway.private.key

The following screen will appear. Provide the required details as follows:

Generating a RSA private key
writing new private key to ‘devopsmyway.private.key’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:DL
Locality Name (eg, city) []:DELHI
Organization Name (eg, company) [Internet Widgits Pty Ltd]:DEVOPSMYWAY PVT. LTD.
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []
Email Address []:

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Note:  If you want Wild Card SSL Certificate for your domain. Put *.domainname (e.g-  * in the Common Name

Step 3 –  Get your CSR and Private Key

As soon as you generate your CSR from the above command two files will we generated with .csr and .key extension.

List CSR file using LS command

 $ ls  

devopsmyway.csr         devopsmyway.private.key

Step 4 – Verify if CSR is generated properly.

Use cat command to see the content of  CSR

 $ cat devopsmyway.csr


Open the following link and paste the content of CSR to see if CSR is generated properly


Step 5 –  Keep your Private key file safely and don’t share it with anyone. You will need this Private Key at the time of SSL Certificate Installation. Share the CSR file to Certificate Authority to generate or Renew SSL Certificate for your Website.

Click to Tweet this tip!

I hope you enjoyed this tutorial and learned about “how to generate certificate signing request(CSR) in Linux”. If you think this is really helpful, please do share this article with others as well. Please also share your valuable feedback, comment, or any query in the comment box. I will really happy to resolve your all queries any.

Thank You

If you think we have helped you or just want to support us, please consider these:-

Connect to us: Facebook | Twitter

You may also like…

Leave a Reply