How to create CSR ( Certificate Signing Request ) for new SSL or to renew SSL?

What is SSL?

SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted connection between a web server and client browser in communication.

The usage of SSL technology ensures that all data transmitted between the web server and clients browser remains encrypted.

To get the SSL from Certificate Authorities, you must need to provide the CSR to them and Certificate Authorities will sign the certificate provided by you. CSR contains the information related to Country, State, Locality, Organisation, Organisation Unit, Common Name – Domain Name and email address as well as public key.

Let’s learn how to generate the CSR?

Step 1: Generate the private key first. If you are renewing the SSL this step is not required. To generate the private key use below mentioned command.

surya@x ~/ » openssl genrsa -out 4096

 1 ↵
Generating RSA private key, 4096 bit long modulus
e is 65537 (0x010001)

2048 or higher bit private key recommended. I have used 4096 bit.

Step 2: Now generate the CSR by using below command.


surya@x ~/ » openssl req -new -key -out 

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:HR
Locality Name (eg, city) []:Gurgaon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SuryaElite
Organizational Unit Name (eg, section) []:blog
Common Name (e.g. server FQDN or YOUR name) [] 
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:Surya Elite Pvt. Ltd.

Now you will have two files, one is private key and second one is CSR. Not you need to send the CSR file to Certificate Authority and then Certificate Authority will sign the Certificate and send you the Certificate.

Now you need to apply the SSL to the web server you are using NGINX or Apache. So this is how you can generate the CSR File.

Living in permanent beta mode: Learning, Improving & evolving. SPECIALTIES: Web Application Development, Digital Media, E-Commerce Solutions, SEO, CRM Solutions, Open Source Technologies, System Administration ( Linux ), VOIP Solutions, Cloud Computing, Web Security.

1 comments On How to create CSR ( Certificate Signing Request ) for new SSL or to renew SSL?

Leave a reply:

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Site Footer