How To Generate Certificate Signing Request (CSR) with OpenSSL?
  • Post category:Windows
  • Post comments:0 Comments
  • Post author:
  • Post published:14/04/2021
  • Post last modified:14/04/2021

OpenSSL provides different features about security and certificates. Public and Private Key cryptography also supported by OpenSSL. Websites, Firewalls and other applications uses Certificates in order to encrypt their network traffic or authenticate each other. In this tutorial we will look how to create Certificate Signing Request.

Generate RSA Key

Now we assume we do not have any Public and Private Key pair. If we have Public and Private key pair please skip to the second step. RSA is very popular and efficient asymmetric encryption algorithm used by a lot of security mechanisms.We can also use RSA in X509 certificates. In this step we will create create an RSA Private key with PEM format. This key size will be 2048 bit.

$ openssl genrsa -out myprivate.pem 2048
Generate RSA Key
Generate RSA Key

Certificate Signing

Certificate signing means an Authority or Certificate Authority have checked provided certificate and signed it with its private key. After that step the entities trust Certificate Authority will see and check the sign of the Certificate Authority in the signed Certificate. In order to sign Certificate we need to create a Certificate Signing Request (CSR) which is described below.

Create Certificate Signing Request (CSR)

We will generate a Certificate Signing Request (CSR) by pointing our private key. We will use req verb of the OpenSSL. We will use -sha256 as digest algorithm. The Certificate Signing Request file will be specified with -out option and will have .csr extension.

$ openssl req -new -sha256 -key my -out myrequest.csr
Create Certificate Signing Request (CSR)
Create Certificate Signing Request (CSR)

Verify Certificate Signing Request (CSR)

After create a Certificate Signing Request we can view the files and review it. We will use req verb again. We will use -noout and -text options to print to the shell.

$ openssl req -noout -text -in myrequest.csr
Verify Certificate Signing Request (CSR)
Verify Certificate Signing Request (CSR)

Submit To The Certificate Authority

The last step is sending this myrequest.csr file to the Certificate Authorities like below. By the way naming our CSR with our URL will made is more practical and easy to read like poftut.csr

  • Thawte
  • RapidSSL
  • Lets Encrypt
  • Digicert
LEARN MORE  How To Generate Ssh Key With ssh-keygen In Linux?

Leave a Reply