Have a question or solution? Be sure to visit the SSL.com IT Security Q&A community site.

Home : Generate a CSR for OpenSSL - (see tools.ssl.com)
Q10082 - HOWTO: Generate a CSR for OpenSSL - (see tools.ssl.com)
A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform in the enrollment process:

*NEW* Try http://tools.ssl.com to automatically create your openssl request

or see below for manual instructions:

Generate keys and certificate (manually)

To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "server", use the following command :

       openssl req -new -nodes -keyout myserver.key -out server.csr -newkey rsa:2048

This creates a two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.

In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).

You will now be asked to enter details to be entered into your CSR.
What you are about to enter is what is called a Distinguished Name or a DN.

For some fields there will be a default value, If you enter '.', the field will be left blank.

       Country Name (2 letter code) [US]: US
       State or Province Name (full name) []: Texas
       Locality Name (eg, city) []: Houston
       Organization Name (eg, company) []: Your Company Inc
       Organizational Unit Name (eg, section) []: Your Department
       Common Name (eg, YOUR name) []: secure.yourcompanyname.com
       Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request

       A challenge password []:
       An optional company name []:

Use the name of the webserver as Common Name (CN). If the domain name is mydomain.com append the domain to the hostname (use the fully qualified domain name).

The fields email address, optional company name and challenge password can be left blank for a webserver certificate.

Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.

Related Articles
No Related Articles Available.

Article Attachments
No Attachments Available.

Related External Links
Help us improve this article...
What did you think of this article?


Tell us why you rated the content this way. (optional)
Hey, im having torbule using this command:req -new -key digitss.key -out digitss.csr -config openssl.cnfWhen i do I get the following error:error on line -1 of openssl.cnf3900:error:02001002:system library:fopen:no such file or directory:.cryptoioss_file.c:122:fopen(openssl.cnf,rb)3900:error:2006d080:BIO routines:BIO_new_file:no such file:.cryptoioss_file.c:125:3900:error:0e078072:configuration file routines:DEF_LOAD:no such file:.cryptoconfconf_def.c:197:error in reqAny help would be greatly appreciatedBirco Approved: 3/2/2012
Created on 10/1/2004.
Last Modified on 4/20/2012.
Last Modified by Administrator.
Suggested by Alvin Ang
Rated 6 out of 10 based on 3196 votes.
Print Article
Email Article