How to Make a Certificate Signing Request (CSR) Using OpenSSL
From your OpenSSL folder, run the command: openssl genrsa –des3 –out www.mywebsite.com.key 2048 OpenSSL is installed under "/usr/local/ssl/bin"., Create a password for your private key., Your private key has been generated., Use the command...
Step-by-Step Guide
-
Step 1: From your OpenSSL folder
However, if you manually installed it, run the commands from that folder.
If you don't want to have password protection, do not use the
-des3 option.
This will, however make it vulnerable. -
Step 2: run the command: openssl genrsa –des3 –out www.mywebsite.com.key 2048 OpenSSL is installed under "/usr/local/ssl/bin".
Take note of this password as it will be used later on. , You will find it in the same folder. ,, It will ask for a series of question:
Country Name is a two letter code (e.g., US, CN) State or Province Name must be spelled out entirely (e.g., California, Texas) Locality Name is the full city name (e.g., Denver, San Diego) Organization Name is the full name as registered with the Secretary of State or governing entity (e.g., MyCompany, Inc., Joe's Computer) Organizational Unit Name is used to specify a department (i.e., IT, Support) Common Name for SSL is the FQDN
- Fully Qualified Domain Name, different level subdomains, or IP Address (e.g., mywebsite.com, www.mywebsite.com, login.mywebsite.com,
109.10.21.1).
For client digital certificates the Common Name is either the individual's name or the full organization name (i.e., John Smith, MyCompany, Inc.) Do not enter the Email Address, challenge password, and optional company name. , Use the command: openssl req
-noout
-text
-in www.mydomain.com.csr -
Step 3: Create a password for your private key.
-
Step 4: Your private key has been generated.
-
Step 5: Use the command: openssl req –new –key www.mywebsite.com.key –out www.mywebsite.com.csr It will ask for the password you created earlier for verification.
-
Step 6: Enter your information.
-
Step 7: Verify the CSR to ensure that you have all entered correct information.
Detailed Guide
However, if you manually installed it, run the commands from that folder.
If you don't want to have password protection, do not use the
-des3 option.
This will, however make it vulnerable.
Take note of this password as it will be used later on. , You will find it in the same folder. ,, It will ask for a series of question:
Country Name is a two letter code (e.g., US, CN) State or Province Name must be spelled out entirely (e.g., California, Texas) Locality Name is the full city name (e.g., Denver, San Diego) Organization Name is the full name as registered with the Secretary of State or governing entity (e.g., MyCompany, Inc., Joe's Computer) Organizational Unit Name is used to specify a department (i.e., IT, Support) Common Name for SSL is the FQDN
- Fully Qualified Domain Name, different level subdomains, or IP Address (e.g., mywebsite.com, www.mywebsite.com, login.mywebsite.com,
109.10.21.1).
For client digital certificates the Common Name is either the individual's name or the full organization name (i.e., John Smith, MyCompany, Inc.) Do not enter the Email Address, challenge password, and optional company name. , Use the command: openssl req
-noout
-text
-in www.mydomain.com.csr
About the Author
Jacqueline Lane
Specializes in breaking down complex DIY projects topics into simple steps.
Rate This Guide
How helpful was this guide? Click to rate: