×


Generate CSR (Certificate Signing Request) in Linux ?

To obtain an SSL certificate, CSR (Certificate Signing Request) must be generated. It is then provided to the CA (Certificate Authority) who is responsible to provide such SSL certificates. Such CSR must be generated on the server. CSR includes and stores information such as Country Name, Organization name, domain name, common name, email address, the public key, etc.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related SSL certificate Installation queries on Linux systems.

In this context, we shall look into easy steps to generate CSR using openssl in any Linux system.


Types of SSL Certificates includes:
  • Self Signed Certificate: Self Signed certificates are usually generated to run the website in the developing phase or test environment. It is simply generated by using OpenSSL or any other tool which is free to use.
  • Certificate Authority: In other cases, running the website or applications on a production environment, the certificate must be used and generated after verifying by the trusted CA (Certificate Authority).


How to generate Certificate Signing Request(CSR) in Linux ?

To begin, we must have to install tools like OpenSSL to generate Certificate Signing Request (CSR). In order to install OpenSSL on Ubuntu 20.04 Linux system, you can run the below command:

$ sudo apt install openssl

To verify if OpenSSL is installed or not, you can run the following command:

$ sudo openssl -a


How to generate CSR and key in Linux ?

We can run the following command to generate a CSR and key which will be provided later to trusted CA:

$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout test.com.key -out test.com.csr

Here,

  • new = new request
  • new-key rsa:2048 = create 2048-bit RSA key
  • nodes = It tells to not encrypt the key
  • keyout = It species filename to forward key on private key
  • Out = It specifies filename to write CSR to

After executing the above command, it will ask to provide the details such as Country Name, Organization name, domain name, common name, email address. Also, be sure your legally registered company name must be matched with the details you provide. It will be verified perfectly by the Certificate Authority before issuing the certificate.

Next, you can list and view the contents of the file that you have created with the above commands:

$ ls

You can check and print the contents of the CSR with the following command:

$ cat test.com.csr

Finally, you can use such a CSR file to apply for SSL certificates from a trusted CA.


[Need assistance in fixing SSL Certificate issues ? We can help you. ]


Conclusion

This article covers the process of creating a CSR file in any Linyx system which is very necessary before applying for an SSL certificate from a Certificate Authority(CA). In fact, Certificate Signing Request(CSR) is a block encrypted text which is given to Certificate Authority when applying for SSL Certificate. Generation of Certificate Signing Request(CSR) for Secure Sockets Layer(SSL) is common in Linux on various distributions. 

CSR is generated on the server, it stores information relating to the organization, domain name, country, a city which is to be included in the certificate.  The CSR Certificate can be used on any website whenever it is necessary to encrypt communications. To generate an SSL certificate, CSR certificate has to be generated. To obtain a self-signed SSL Certificate, it is necessary to create CSR, after generating submit it to a certificate authority to acquire an SSL Certificate.