1. Openssl Generate A New Private Key And Certificate Signing Request Linux

Sep 11, 2018 The first thing to do would be to generate a 2048-bit RSA key pair locally. This pair will contain both your private and public key. You can use Java key tool or some other tool, but we will be working with OpenSSL. To generate a public and private key with a certificate signing request (CSR), run the following OpenSSL command.

Openssl Generate A New Private Key And Certificate Signing Request Linux

SSL Basics: What is a Certificate Signing Request (CSR)?

For those of you who are new to SSL, or even you veterans who just want to brush up on your knowledge, we’re starting a series on SSL basics. First up are certificate signing requests (CSRs). These little files are a critical part of applying for an SSL Certificate, but what are they exactly and how can you generate one?

A certificate signing request (CSR) is one of the first steps towards getting your own SSL Certificate. Generated on the same server you plan to install the certificate on, the CSR contains information (e.g. common name, organization, country) the Certificate Authority (CA) will use to create your certificate. It also contains the public key that will be included in your certificate and is signed with the corresponding private key. We’ll go into more details on the roles of these keys below.

The CA will use the data from the CSR to build your SSL Certificate. The key pieces of information include the following.

Openssl generate a new private key and certificate signing request linux

1. Information about your business and the website you’re trying to equip with SSL, including:

Common Name (CN)

(e.g. *.example.com



The fully qualified domain name (FQDN) of your server.

Organization (O)

The legal name of your organization. Do not abbreviate and include any suffixes, such as Inc., Corp., or LLC.

For EV and OV SSL Certificates, this information is verified by the CA and included in the certificate.

Organizational Unit (OU)

The division of your organization handling the certificate.

City/Locality (L)

The city where your organization is located. This shouldn’t be abbreviated.

State/County/Region (S)

The state/region where your organization is located. This shouldn't be abbreviated.

Country (C)

The two-letter code for the country where your organization is located.

Email Address

An email address used to contact your organization.

2. The public key that will be included in the certificate. SSL uses public-key, or asymmetric, cryptography to encrypt transmitted data during an SSL session. The public key is used to encrypt and the corresponding private key is used to decrypt.

Openssl generate a new private key and certificate signing request code

3. Information about the key type and length. The most common key size is RSA 2048, but some CAs support larger key sizes (e.g. RSA 4096+) or ECC keys.

The CSR itself is usually created in a Base-64 based PEM format. You can open the CSR file using a simple text editor and it will look like the sample below. You must include the header and footer (-----BEGIN NEW CERTIFICATE REQUEST-----) when pasting the CSR.


Generating the CSR will depend on the platform you’re using. We have a number of support articles with step-by-step instructions for doing this in the most popular platforms, including cPanel, Exchange, IIS, Java Keytool and OpenSSL. You can find them here.

Here's a few videos for the top support queries we get regarding the generation of a Certificate Signing Request or CSR.

How to Create a CSR in Microsoft Management Console or MMC

How to Create a CSR in Java Key Store

How to Create a CSR in Apache OpenSSL

How to Create a CSR in IIS 10

Have questions about CSRs or about SSL in general? Ideas for other topics we cover? Let us know in the comments or contact us here.

Please enable JavaScript to view the comments powered by Disqus.


Coments are closed
Scroll to top