Sunday, July 4, 2021
Generate csr on linux server using openssl
Hello Everyone, Welcome to another blog where i'll walk you through step by step CSR generation process on Apache web server. So lets start without any further due.
Generate a CSR on a Linux server
At the command prompt, type the following and hit Return. Change the bit length (2048) to the appropriate bit length for the SSL issuer. Typically 2048 is sufficient.
General OpenSSL Commands
Step 1: Generate a Key
Pair
The utility “openssl” is
used to generate the key and CSR. This utility comes with theOpenSSL package
and is usually installed under /usr/local/ssl/bin. If you have installed them
elsewhere you will need to adjust these instructions appropriately.
Type the following
command at the prompt:
• Generate a new private key and Certificate Signing Request
openssl req -out domain.csr -new -newkey rsa:2048 -nodes -keyout domainprivate.key
Fill out the requested information below. For the State, use the full name not an abbreviation. The Organization Name should be a publicly verifiable name (such as is listed on bank statements, bills, taxes, etc). The common name is the domain for which the SSL is being issued. For example, if you're ordering an SSL for domain.com, then the name would be domain.com. If you're ordering an SSL for www.domain.com, then the name would be www.domain.com, for wildcard certificate use *.domain.com
You may chose to leave the email address and challenge password blank by simply hitting return when prompted.
Generating a 2048 bit RSA private key
...........+++
.............................+++
writing new private key to 'private.key'
-----
You
are about to be asked to enter information that will be incorporated
into
your certificate request.
What
you are about to enter is what is called a Distinguished Name or a DN.
There
are quite a few fields but you can leave some blank
For
some fields there will be a default value,
If you
enter '.', the field will be left blank.
-----
Country Name (2 letter code) :IN
State
or Province Name (full name):Delhi
Locality Name (eg, city:New Delhi
Organization Name (eg, company) [My Company Ltd]:My Company Name (e.g. PKI404)
Organizational Unit Name (eg, section) []:Security
Common
Name (eg, your name or your server's hostname) []:www.domain.com (e.g www.pki404.com)
Email
Address []: Not Required(do not enter anything)
Please
enter the following 'extra' attributes
to be
sent with your certificate request
A
challenge password []: Not Required(do not enter anything)
An
optional company name []: Not Required(do not enter anything)
Once
the form is filled out, two files will be created in the directory in which the
command was run one will be domain.csr and other domainprivate.key. The file
domain.csr has the CSR for the SSL which will need to provide to the SSL
issuer.
Stay tuned for more such blogs. :)
x
No comments :
Post a Comment