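The certificate signing request (CSR) file is used to add personal information to the public certificate, such as your company name and location. The CSR also contains the public key that corresponds to your private key and is signed with that private key; the private key itself is not included in the CSR.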
There are two ways to go about creating the CSR file. You can either enter the information into an interactive prompt, or you can create the CSR file from a config file.
Interactive Prompt Method
The req command with the -new, -key and -out flags is used to create the CSR file. In this scenario, you must have already created the private key. If you have not yet created the private key, refer to our article on creating a private key. There will be a series of prompts asking for personal information, such as your organization name and location.
openssl req -new -key example.com.key -out example.com.csr
Configuration File Method
You can create a configuration file that will be used for the creation of the CSR file, such as example.com.config. Here is an example of what you would have in the configuration file. This assumes that the private key file is password protected, hence the inclusion of the input_password (for the private key) and output_password (for the CSR file) options.
[ req ]
default_bits = 2048
default_days = 365
default_md = sha256
default_keyfile = example.com.key
# the passwords below are stored in clear text, so restrict read access to this file
input_password = foo
output_password = bar
prompt = no
distinguished_name = dn

[ dn ]
# with prompt = no this section holds only field = value pairs;
# the _default, _min and _max entries belong to the prompting format and are rejected here
countryName = US
stateOrProvinceName = Wisconsin
localityName = Appleton
0.organizationName = FreeKB
organizationalUnitName = IT
commonName = www.freekb.net
emailAddress = email@example.com
You can then use the -config option to create the CSR file. The -key option is optional. You would use the -key option to use an existing private key. If the -key option is not used, the following command will generate a new private key.
openssl req -new -config example.com.config -key example.com.key -out example.com.csr
The req command with the -text, -noout, -verify and -in flags can be used to view the content of the CSR file.
openssl req -text -noout -verify -in example.com.csr
...
Subject: C=US, ST=WI, L=Appleton, O=Example, OU=Example, CN=John Doe
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bits)
Signature Algorithm: sha256WithRSAEncryption
...
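The configuration file method and the verification step as one added shell example (not part of the original article): it creates the CSR from a config file, takes the key passphrase from an environment variable rather than from input_password, and checks that the CSR verifies and carries the public half of the intended key. The demo.* file names and the KEYPASS variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article. File names and the KEYPASS
# environment variable are constructed for this demo.

# Create an encrypted key and a CSR in directory $1. The passphrase is read
# from KEYPASS, so it never has to be written into the config file.
make_csr() {
    dir=$1
    cat > "$dir/demo.config" <<'EOF'
[ req ]
default_md         = sha256
prompt             = no
distinguished_name = dn

[ dn ]
countryName            = US
stateOrProvinceName    = Wisconsin
localityName           = Appleton
0.organizationName     = FreeKB
organizationalUnitName = IT
commonName             = www.freekb.net
emailAddress           = email@example.com
EOF
    openssl genrsa -aes256 -passout env:KEYPASS -out "$dir/demo.key" 2048 2>/dev/null &&
    openssl req -new -config "$dir/demo.config" -key "$dir/demo.key" \
        -passin env:KEYPASS -out "$dir/demo.csr"
}

# Print the subject of CSR $1 in RFC 2253 form, to compare with the config.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# Succeed only if the self-signature of CSR $1 verifies and the public key
# inside it is the one derived from private key $2.
csr_matches_key() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    csr_pub=$(openssl req -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -passin env:KEYPASS -pubout | openssl sha256)
    [ "$csr_pub" = "$key_pub" ]
}

# Succeed if file $1 contains private key material (a CSR never should).
has_private_key() {
    grep -q 'PRIVATE KEY-----' "$1"
}
```

Export KEYPASS, call make_csr with a working directory, then run csr_matches_key on the resulting demo.csr and demo.key before sending the CSR to a certificate authority.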