Generating CSR for SSL Certificate

Generating Certificate Signing Request is essentially the first step towards installing SSL certificate. This post is about generating a CSR using Openssl on Linux system.


You need openssl installed on your system, depending on your distribution you can install openssl from the package manager of compile it from the source.

Generate a Key

Generate a RSA key for Apache server and store it in some arbitrary spot, does not matter where you store the key, but make sure the key is accessible by user account running Apache.

$mkdir -p ~/mylocation/ssl/

$cd ~/mylocation/ssl

$openssl genrsa -out 2048

Replace domainname with appropriate key name.

Generate CSR

Generate the csr using the key and enter appropriate information for the certificates. When you are asked for FQDN or Common name enter your fully accessible domain name and remember the server using this later generated certificate should be able to resolve this FQDN as servername. Leave the challenge passphrase empty, or you can enter create one. Save this passphrase for future, this will be required whenever you want to reload the ssl certificate.

$ openssl req -new -key -out

This will generate a csr file. Submit this CSR file to your SSL provider and obtain SSL certificate. Replace the domainname with appropriate names.

Verify the CSR

You can verify the generated csr file to check if the csr file is valid or not.

$openssl req -noout -text -in

This should show content of the csr file.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s