Generate CSR & Private Key for Domain Name using OpenSSL

A Certificate Signing Request (CSR) is essential for obtaining an SSL/TLS certificate from a Certificate Authority (CA). Alongside this, a private key is generated which should be kept secure. This guide explains how to create a CSR and a private key in PEM format using OpenSSL with a specific command structure.

Prerequisites

  • OpenSSL Installed: Ensure OpenSSL is installed on your system. It's available on most Unix-like operating systems by default and can be installed on Windows.

Steps

  1. Open Terminal or Command Prompt

    • On Unix-like systems (Linux, macOS), open your terminal.
    • On Windows, open Command Prompt or PowerShell.
  2. Generate CSR and Private Key

    • Use the following command structure, replacing placeholders with your information:
      ```bash
      openssl req -nodes -newkey rsa:2048 -keyout <DomainName>.privkey.pem -out <DomainName>.csr -subj "/C=<CountryCode>/ST=<State>/L=<Location>/O=<Organisation>/OU=<Department>/CN=<DomainName>/emailAddress=hostmaster@<DomainName>"
      ```
    • Replace <DomainName>, <CountryCode>, <State>, <Location>, <Organisation>, and <Department> with your specific details.
    • For example, if your domain is example.com and you are located in the US, in California, the command might look like:
      ```bash
      openssl req -nodes -newkey rsa:2048 -keyout example.com.privkey.pem -out example.com.csr -subj "/C=US/ST=California/L=San Francisco/O=Example Inc./OU=IT/CN=example.com/emailAddress=hostmaster@example.com"
      ```
    • This command performs two main actions:
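      • Generates a new 2048-bit RSA private key: Saved as <DomainName>.privkey.pem (e.g., example.com.privkey.pem). The -nodes option writes it unencrypted, with no passphrase.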
      • Creates a CSR: Named as per your domain (e.g., example.com.csr).
  3. Verify the CSR and Private Key

    • After running the command, ensure that two files are created: <DomainName>.privkey.pem and <DomainName>.csr.
    • You can view the contents of your CSR using the command:
      ```bash
      openssl req -text -noout -verify -in <DomainName>.csr
      ```
    • Verify that all the details in the CSR are correct.
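
As an added example (not part of the original guide), the script below extends step 3 beyond viewing the CSR: it confirms that the CSR's signature verifies, that the CSR carries the same public key as the private key file, that the CN is the expected domain, and that the unencrypted key is not readable by group or other users. The function names `check_csr_pair` and `make_sample` and the return codes are this example's own, and the sample subject values are constructed.

```shell
#!/bin/sh
# Added example, not from the original guide; function names are this example's own.

# check_csr_pair <csr> <private key> <expected CN>
# Returns 0 when every check passes, or 1-4 for the first check that fails.
check_csr_pair() {
    # 1. The CSR's self-signature must verify (it was signed with its own key).
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1

    # 2. The public key inside the CSR must equal the one derived from the
    #    private key file, or the issued certificate will not work with it.
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$csr_pub" = "$key_pub" ] || return 2

    # 3. The subject must carry the expected CN. RFC 2253 output is
    #    comma-separated, so match the CN as a whole field.
    subj=$(openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null)
    subj=${subj#subject=}; subj=${subj# }
    case ",$subj," in *",CN=$3,"*) ;; *) return 3 ;; esac

    # 4. -nodes leaves the key unencrypted, so group and other users must
    #    have no permission bits on the file (characters 5-10 of ls -l).
    [ "$(ls -l "$2" | cut -c5-10)" = "------" ] || return 4
}

# make_sample <dir> <domain>: create a throwaway key and CSR with the guide's
# command. The subject values are constructed sample data.
make_sample() {
    openssl req -nodes -newkey rsa:2048 \
        -keyout "$1/$2.privkey.pem" -out "$1/$2.csr" \
        -subj "/C=US/ST=California/L=San Francisco/O=Example Inc./OU=IT/CN=$2/emailAddress=hostmaster@$2" \
        2>/dev/null && chmod 600 "$1/$2.privkey.pem"
}

# Demo on a throwaway pair in a temporary directory.
tmp=$(mktemp -d) && make_sample "$tmp" example.com &&
    check_csr_pair "$tmp/example.com.csr" "$tmp/example.com.privkey.pem" example.com &&
    echo "CSR, key and CN are consistent"
rm -rf "$tmp"
```

On real files, run `check_csr_pair <DomainName>.csr <DomainName>.privkey.pem <DomainName>` before submitting the CSR.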

Important Notes

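  • Keep the Private Key Secure: The <DomainName>.privkey.pem file is crucial for your SSL/TLS certificate and should be kept private and secure. It is stored without a passphrase, so restrict its file permissions to the account that needs to read it.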
  • Send CSR to a Certificate Authority (CA): Submit the .csr file to a CA to obtain an SSL/TLS certificate. Do not send your private key.

Conclusion

By following these steps, you will have successfully created a CSR and a corresponding private key using OpenSSL. This is a fundamental process in setting up SSL/TLS for secure communications on your domain.
