How to Generate a CSR (Certificate Signing Request) for a SSL Certificate

How to Steps

How to generate a CSR

If you need a SSL certificate for your application or server, you will first need to generate a private key and a certificate signing request (CSR).  If you are using a third-party application, follow the instructions for your application to generate the key and CSR.  Remember, certificate keys must be generated with 2048 bits or they will not be accepted.

If you are using either Apache on Linux or IIS on Windows, or if your application does not have a built in mechanism for generating certificates you can follow the directions below:

 

1.  In order to get an SSL certificate and key (for use by an httpd server, for example), you must first create a Certificate Signing Request (CSR). Here is a typical OpenSSL command and the resulting interactive session:

        > openssl req -new -newkey rsa:2048 -keyout NAMEOFHOST.pem -nodes -out NAMEOFHOST.csr

2. If you already have an existing key and you simply need to generate a new csr you can use the following command:

        > openssl req -new -key FILENAME -out NAMEOFSERVER.csr

3.  You will then be asked to provide a few bits of information. The values you will have to enter are in bold below:

        You are about to be asked to enter information that will be incorporated 
        into your certificate request.
        What you are about to enter is what is called a Distinguished Name or a DN.
        There are quite a few fields but you can leave some blank
        For some fields there will be a default value,
        If you enter ".", the field will be left blank.
        -----
        Country Name (2 letter code) [AU]:US
        State or Province Name (full name) [Some-State]:Nebraska
        Locality Name (eg, city) []:Omaha
        Organization Name (eg, company) [Internet Widgets Pty Ltd]:Creighton University
        Organizational Unit Name (eg, section) []:Your Department Name eg: DoIT
        Common Name (eg, YOUR name) []: server name eg: people.creighton.edu
        Email Address []:
       
        Please enter the following "extra" attributes
        to be sent with your certificate request
        A challenge password []:
        An optional company name []:

4.  You can then view the contents of NAMEOFHOST.csr using a standard text editor. You will need to copy and paste everything including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- into the request form for a new certificate.

 

 

 

 

If this article did not help, please review the Related Articles in the right hand column or select the Related Services / Offerings and choose Report an Issue or Problem to open a ticket with the myIT Service Desk.
Print Article

Details

Article ID: 513
Created
Tue 3/5/24 3:08 PM
Modified
Tue 3/5/24 3:31 PM

Related Articles (1)

Steps to Renew a SSL Certificate
If you have a certificate that is close to expiring and need to renew, follow the steps in this article.