One minute
Create a Certificate Signing Request (CSR) with OpenSSL
I needed to set up HTTPS enabled website in a secured business environment and a part of the process is to submit a Certificate Signing Request (CSR) to Certificate Authority (CA).
HTTPS is SSL/TLS layer that secure communication between client and server on top of HTTP. If you’d like to know more about how HTTPS works, Robert Heaton wrote a good article about SSL/TLS over HTTP right here.
To generate the .csr
file I needed a private key, and there are a few ways I can generate the private key with. I can generate the private key on its own, along with the public key set or altogether with both public key and the .csr
file. OpenSSL is a handy CLI tool that can generate these files.
Here is below some handy OpenSSL commands that I used to generate .csr
files.
# Generate CSR file and private key with 2048 bit encryption
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout private.key
# Generate CSR file with both private and public key
openssl req -out CSR.csr -key private.key -new
# Verify your CSR file
openssl req -text -noout -verify -in CSR.csr
# Validate your CSR file against private key
openssl req -noout -modulus -in CSR.csr | openssl md5