OpenSSL is a handy and simple command-line tool for generating a certificate signing request (CSR). Every Linux systems administrator should know how to do this. Below are the steps you need to go through to create a CSR for a third-party certificate authority to sign. You can also use this procedure to generate a CSR for a Microsoft CA to sign.
Before you begin
Make sure you have openssl installed in your Linux operating system.
If it is not installed, use the command below to install it.
yum install openssl
Step 1. Generate your private key
Use the following command to generate a 2048-bit RSA private key for your CSR.
openssl genrsa -out www.somewebsite.com.key 2048
Step 2. Use the key to generate a CSR
Then use the key you have generated to create a CSR.
openssl req -new -sha256 -key www.somewebsite.com.key -out www.somewebsite.com.csr
Step 3. Fill in the information prompted in your request
You will be prompted to provide the below information for your certificate signing request.
Below is an example I have filled in.
Read first – Common Name – specify the fully qualified domain name of the website you are protecting, i.e. for https://www.somewebsite.com you should use “www.somewebsite.com”.
Country Name (2 Letter Code) [XX]: US
State or Province Name (full name) []: Washington
Locality Name (eg, city) [Default City]: Seattle
Organization Name (eg, company) [Default Company Ltd]: Acme Ltd.
Organizational Unit Name (eg, section) []: IT
Common Name (eg, your name or your server's hostname) []: www.somewebsite.com
Email Address []: jdoe@acmeltd.com
The following fields are optional and can be left blank (just hit Enter).
A challenge password []:
An optional company name []:
Step 4. Verify your CSR
Once you complete the previous step, verify the newly generated CSR:
openssl req -noout -text -in www.somewebsite.com.csr
The Subject line in the output should match the answers you gave above.
Subject: C=US, ST=Washington, L=Seattle, O=Acme Ltd., OU=IT, CN=www.somewebsite.com/emailAddress=jdoe@acmeltd.com
Step 5. Submit your CSR for signing
Once you have verified that your CSR has been generated correctly, you are ready to submit the CSR for signing.
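The script below is an added example, not part of the original article: it runs Steps 1 to 4 without prompts by passing the Step 3 answers through -subj, then checks that the CSR's self-signature verifies and that its public key belongs to your private key. The function names make_csr and check_csr and the directory argument are assumptions made for illustration; the subject values mirror the sample answers above.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# directory argument are hypothetical; subject values mirror the sample above.
# Usage: make_csr www.somewebsite.com . && check_csr www.somewebsite.com .

make_csr() {
    # $1 = hostname used as Common Name, $2 = output directory
    host=$1; dir=$2
    # Step 1: umask 077 makes the key file readable by its owner only.
    ( umask 077 && openssl genrsa -out "$dir/$host.key" 2048 ) 2>/dev/null \
        || return 1
    # Steps 2-3: -subj supplies the prompted answers in a single string,
    # so nothing is asked interactively.
    openssl req -new -sha256 -key "$dir/$host.key" -out "$dir/$host.csr" \
        -subj "/C=US/ST=Washington/L=Seattle/O=Acme Ltd./OU=IT/CN=$host"
}

check_csr() {
    # $1 = hostname, $2 = directory. Returns 0 only if every check passes.
    host=$1; dir=$2
    # Check 1: the CSR's self-signature is valid (file not altered or cut off).
    # The message is matched because older releases exit 0 even on failure.
    openssl req -in "$dir/$host.csr" -noout -verify 2>&1 \
        | grep -q "verify OK" || return 1
    # Check 2: the public key inside the CSR is the one derived from our
    # private key, so the signed certificate will work with this key file.
    csr_pub=$(openssl req -in "$dir/$host.csr" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/$host.key" -pubout | openssl sha256)
    [ "$csr_pub" = "$key_pub" ] || return 1
    # Check 3: the subject carries the expected Common Name. The pattern
    # accepts both "CN=host" and "CN = host" output styles; dots in the
    # hostname act as regex wildcards, which is acceptable for this check.
    openssl req -in "$dir/$host.csr" -noout -subject \
        | grep -Eq "CN ?= ?$host(,|/|\$)" || return 1
}
```

Run check_csr again right before submitting in Step 5 if the key or CSR files have been moved or regenerated in the meantime.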
