How To Generate SSL Certificate Signing Request (CSR) in Linux

How To Generate SSL Certificate Signing Request (CSR) in Linux

How To Generate SSL Certificate Signing Request (CSR) in Linux

A Certificate Signing Request (CSR) is an intermediate form of an SSL certificate that enables a Certificate Authority (CA) to generate a signed SSL certificate and verify the identity of a domain’s owner. A CSR is an encoded file that provides you with a standardized way to send us your public key along with some information that identifies your company and domain name.

In this article we will help you how to generate SSL CSR in Linux.

Install Required Packages:

First we need to install the required packages. If the required packages is already installed then ignore this step.

# yum install openssl mod_ssl

Generate Private Key:

Before generating the CSR we need to generate the private key file. Run the below command to generate the key.

# openssl genrsa -out 2048


Generating RSA private key, 2048 bit long modulus
e is 61764 (0x01001)
Enter pass phrase for
Verifying - Enter pass phrase for

Generate a Certificate Signing Request (CSR):

After generating private key, next you need to generate CSR using the above key. The command will ask some information regarding the domain.

# openssl req -new -key -out


You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Chandigarh
Locality Name (eg, city) [Default City]:Chandigarh
Organization Name (eg, company) [Default Company Ltd]:LinuxMastersWiki Pvt. Ltd.
Organizational Unit Name (eg, section) []:BLOG
Common Name (eg, your name or your server's hostname) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

You can also create the private key and CSR file using single command. The command first generate the private key then it will generate the CSR.

# openssl req -new -newkey rsa:2048 -nodes -keyout  -out

Now CSR has been generated successfully, use this file to order the SSL certificate.

Was this Tutorial helpful? Help others share on Facebook, Twitter, and Google Plus!

Enjoyed this video?
How To Generate SSL Certificate Signing Request (CSR) in Linux
"No Thanks. Please Close This Box!"