FreeKB - OpenSSL Create CSR (certificate signing request)
OpenSSL - Create CSR (certificate signing request)

The certificate signing request (CSR) file is used to add personal information to the public certificate, such as your company name and location. The CSR also contains a reference to the private key.

 

There are two ways to go about creating the CSR file. You can either enter the information into an interactive prompt, or you can create the CSR file from a config file.

 


Interactive Prompt Method

The req option with the -new -key and -out flags are used to create the CSR file. In this scenario, you must have already created the private key. If you have not yet created the private key, refer to our article on creating a private key. There will be a series of prompts, asking for personal information, such as your organization name and location.

openssl req -new -key example.com.key -out example.com.csr

 


Configuration File Method

You can create a configuration file that will be used for the creation of the CSR file, such as example.com.config. Here is an example of what you would have in the configuration file. This assumes that the private key file is password protected, hence the inclusion of the input_password (for the private key) and output_password (for the CSR file) options.

[ req ]
default_bits       = 2048
default_days       = 365
default_md         = sha256
default_keyfile    = example.com.key
input_password     = foo
output_password    = bar
prompt             = no
distinguished_name = dn

[ dn ]
countryName                    = US
countryName_default            = US
countryName_min                = 2
countryName_max                = 2
stateOrProvinceName            = Wisconsin
stateOrProvinceName_default    = Wisconsin
localityName                   = Appleton
localityName_default           = Appleton
0.organizationName             = FreeKB
0.organizationName_default     = FreeKB
organizationalNameUnit         = IT
organizationalNameUnit_default = IT
commonName                     = www.freekb.net
commonName_max                 = 64
emailAddress                   = admin@freekb.net
emailAddress_max               = 64

 

You can then use the -config option to create the CSR file. The -key option is optional. You would use the -key option to use an existing private key. If the -key option is not used, the follow command will generate a new private key.

openssl req -new -config example.com.config -key example.com.key -out example.com.csr

 


Validation

The req option with the -text -noout -verify and -in flags can be used to view the content of the CSR file.

openssl req -text -noout -verify -in example.com.csr
...
Subject: C=US, ST=WI, L=Appleton, O=Example, OU=Example, CN=John Doe
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bits)
Signature Algorithm: sha256WithRSAEncryption
...

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter 9b767 in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |