Generating a certificate signing request (CSR)

Last Updated : Aug 31, 2016 |

About this task

Use this method after you have created a private key using command in the "Generating a private key" section or if you already have a private key that you would like to use to request a certificate from a CA. This section deals with generating a CSR that can be sent to a CA to request the issuance of a CA-signed SSL certificate. If your CA supports SHA-2, add the -sha256 option to sign the CSR with SHA-2.

Procedure

  1. Run the following command: openssl req -key my-private-key-file.key -new -out csr-file.csr.

    This command creates a new CSR based on an existing private key.

    The -key option specifies an existing private key that will be used to generate a new CSR. The -new option indicates that a CSR is being generated.

  2. Enter the information in the CSR information prompt to complete the process.

Example

# openssl req -key myPrivateKey.key -new -out myCsr.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Maharashtra
Locality Name (eg, city) [Default City]:Pune
Organization Name (eg, company) [Default Company Ltd]:Avaya
Organizational Unit Name (eg, section) []:Avaya
Common Name (eg, your name or your server's hostname) []:mihir-edp-3-2-113.platform.avaya.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:Avaya


# ls -l
total 8
-rw-r--r-- 1 root root 1070 Jul 27 17:45 myCsr.csr
-rw-r--r-- 1 root root 1700 Jul 27 17:37 myPrivateKey.key
Related information
Security