How to create a CSR (Certificate Signing Request) in Linux using OpenSSL

Before you can purchase or create your own self signed SSL certificate, you must first create a CSR (Certificate Signing Request) and a Private Key. These two files much be created simultaneously or the resulting SSL certificate will not work.

As root, run the following command:

openssl req -nodes -newkey rsa:2048 -keyout -out
Generating a 2048 bit RSA private key
writing new private key to ''
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:State
Locality Name (eg, city) [Default City]:City
Organization Name (eg, company) [Default Company Ltd]:Business Name or
Organizational Unit Name (eg, section) []:optional
Common Name (eg, your name or your server's hostname) []
Email Address []:optional

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Enter
An optional company name []:Enter

With the above command, both the CSR ( and Private Key ( files are created.

It is important to note in the above example to use the fully qualified domain name (FQDN) for the “Common Name”. If you are going to use the certificate with, enter “”. If you are using an alternate subdomain, such as orders, type “”.

Some SSL providers may create certificates that work for both and, but there is no guarantee this will work for you.

Author: admin on September 16, 2014
Category: Apache

Leave a Reply

You must be logged in to post a comment.

Last articles