In this tutorial we’ll learn how to use openssl to generate a CSR and an RSA private key. A CSR is needed when you get a paid SSL certificate issued.
A CSR (Certificate Signing Request) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA). The CSR validates the information the CA requires to issue a certificate.
An RSA key is a private key based on the RSA algorithm. The private key is used for authentication and for a symmetric key exchange during the establishment of an SSL/TLS session. It is part of the public key infrastructure that is generally used with SSL certificates. For SSL certificates, RSA keys come in two lengths: 2048 and 4096.
The following command generates the CSR and the RSA private key within seconds.
For 2048 key length:
openssl req -nodes -newkey rsa:2048 -sha256 -keyout domainname.key -out domainname.csr
For 4096 key length:
openssl req -nodes -newkey rsa:4096 -sha256 -keyout domainname.key -out domainname.csr
After you complete the form below, two files, domainname.key and domainname.csr, are created in your current directory. Use pwd to get the current directory path.
You’ll be asked the following questions:
root@server:~# openssl req -nodes -newkey rsa:4096 -sha256 -keyout domainname.key -out domainname.csr
Generating a RSA private key
.....................................................................................................................................................................................................................................................................................++++
........++++
writing new private key to 'domainname.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:IN
Locality Name (eg, city) []:IN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WORDPRESS
Organizational Unit Name (eg, section) []:BLOG
Common Name (e.g. server FQDN or YOUR name) []:uxlinux.com
Email Address []:emailid@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:UXLINUX
Note: the challenge password should be left empty; just press the Enter key.
Type ls to check that the files were generated:
root@server:~# ls
domainname.csr domainname.key
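
An added example, not part of the original tutorial: a POSIX shell check that the generated CSR verifies, was made from the generated key, and carries a key of at least 2048 bits. The function names, the scratch directory and the -subj values are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: sanity checks for the key and CSR produced by "openssl req".
# Function names are illustrative; file names follow the tutorial.

# Print the size in bits of the public key carried in a CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# check_csr_pair KEY CSR
# Returns 0 only if the CSR's self-signature verifies, the CSR carries the
# public half of KEY, and the key is at least 2048 bits.
check_csr_pair() {
    key=$1
    csr=$2
    [ -r "$key" ] && [ -r "$csr" ] || { echo "missing $key or $csr" >&2; return 2; }

    # Match the "verify OK" message rather than relying on the exit status alone.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR self-signature does not verify" >&2; return 1; }

    # Both commands print the public key as PEM, so the text must be identical.
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    from_csr=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    [ -n "$from_key" ] && [ "$from_key" = "$from_csr" ] ||
        { echo "CSR was not made from this key" >&2; return 1; }

    bits=$(csr_key_bits "$csr")
    [ "${bits:-0}" -ge 2048 ] || { echo "key too short: ${bits:-?} bits" >&2; return 1; }

    # -nodes stores the key unencrypted, so keep it readable by the owner only.
    chmod 600 "$key"
    echo "OK: $csr matches $key ($bits-bit key)"
}

# Demo on a constructed request in a scratch directory (-subj skips the prompts).
demo_dir=$(mktemp -d)
openssl req -nodes -newkey rsa:2048 -sha256 -subj '/C=IN/O=Example/CN=example.test' \
    -keyout "$demo_dir/domainname.key" -out "$demo_dir/domainname.csr" 2>/dev/null
check_csr_pair "$demo_dir/domainname.key" "$demo_dir/domainname.csr"
```

To check the files from the tutorial, run check_csr_pair domainname.key domainname.csr in the directory where they were created.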