How do I generate a CSR key?

October 8, 2014 36.8k views

Hi there, I'm still kind of a huge noob to this. So I've created by own SSL certificate but I'd like to use one that's been verified by a third party. However, this third party is requesting that I enter a CSR key. How do I go about generating one so I can incorporate a different SSL certificate?
Thanks in advance!

1 comment
  • Generate a Certificate Signing Request (CSR) on Ubuntu 14.04

    openssl genrsa -out example.com.key 4096

    openssl req -new -key example.com.key -out example.com.csr

5 Answers

Thanks to ryanpq for the helpful answer ; I'd like to elaborate on the answer a bit.

To the totally uninitiated in Ubuntu, as I am:

You need to log into your Ubuntu server. First, I was trying to generate a csr from terminal on my PC, using ryanpq's:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Indeed, doing it from my PC, I was prompted through the list of questions - country, name, etc - and I was told a csr was generated, but I couldn't find it anywhere on my PC.

So, log into your server with ssh or whatever you use, where the csr will be hosted on. I don't believe the csr generated on your PC is any use.

I used sudo -s to log in as a super user. on my server, giving me root access. I put in ryanpq's command and answered the questions that followed - name, challenge password etc.

At the end of it all, I don't think I got a confirmation that the csr had been generated, which would have been nice.

I typed : ls -a (which means show files in currently directory)

I saw one named mycompany.csr (my company being the actual name of my business) and typed:

cat mycompany.csr (which opens that file)

The csr file opens, displaying the csr password - everything between 'BEGIN CERTIFICATE REQUEST' and 'END CERTIFICATE REQUEST'

The following command can be used to generate a CSR. I would recommend checking the documentation with the certificate authority you are using as well as they may provide slightly different instructions

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
  • Thanks for your quick response! It prompted me to fill out various bits of information (city, state, email address) but I never got an actual key that I could use.

After completing the questions you mentioned to provide the relevant details for your certificate this command would create a file called "yourdomain.csr" is your current directory that would have the signing request your certificate authority would need.

Thanks guys. Now, how do I copy the CSR file to my desktop? Highlighting the text isn't working on the console. Thanks

You would cd into the directory of the file you just created and would use: cat yourdomain.csr to display the CSR on screen. You could copy and paste that into whatever you need. Good luck!

Have another answer? Share your knowledge.