OpenSSL: Generate CSR
Introduction
A Certificate Signing Request (CSR) is a crucial step in obtaining an SSL/TLS certificate for securing websites, servers, or other network services. The CSR contains encoded information about the organization, domain, and public key, which is used by a Certificate Authority (CA) to issue a digital certificate.
OpenSSL is a widely used open-source tool for cryptographic operations, including generating CSRs. On a Windows Server, OpenSSL can be installed and used to create a 4096-bit CSR, ensuring strong encryption and security.
Prerequisites
OpenSSL installed on the Windows Server. If not installed, it can be downloaded from OpenSSL for Windows.
Administrative access to the server.
A valid domain name for the SSL certificate.
CSR Generation Process
The process involves two key steps:
Generating a private key (4096-bit or other).
Creating a CSR using the private key.
After generating the CSR, it must be submitted to a Certificate Authority (CA) like DigiCert, Let's Encrypt, or GoDaddy for SSL certificate issuance.
Practical
Step 1: Generate a Private Key (4096-bit)
Open Command Prompt (cmd) as Administrator and run:
openssl genrsa -out domain_private.key 4096
Step 2: Generate the CSR (Certificate Signing Request)
Run the following command:
openssl req -new -key domain_private.key -out domain.csr
It will prompt you to enter details such as:
Country Name (e.g., IN)
State or Province Name (e.g., ASSAM)
Locality Name (e.g., Guwahati)
Organization Name (e.g., My Company Ltd)
Organizational Unit Name (e.g., IT Department)
Common Name (e.g., www.example.com)
Email Address (optional)
A Challenge Password (leave empty by pressing Enter)
An Optional Company Name (leave empty by pressing Enter)
Step 3: Verify the CSR
After generating the CSR, verify it using:
openssl req -text -noout -verify -in domain.csr
This displays the CSR details and checks the request's self-signature, so you can confirm the subject fields and key size before submitting it to the CA.
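The three steps above as one non-interactive PowerShell script, added here as an example and not part of the original page. It goes slightly beyond the steps by passing the subject with -subj, adding a subjectAltName entry (the field modern TLS clients match hostnames against), and confirming that the CSR carries the public half of the generated key. It assumes openssl.exe 1.1.1 or later is on PATH; the second SAN name is a constructed placeholder.

```powershell
# Added example. Assumes openssl.exe 1.1.1 or later is on PATH (-addext needs it).
# File names and subject values are the sample ones from the steps above;
# the second SAN entry (example.com) is a constructed placeholder.
$key  = 'domain_private.key'
$csr  = 'domain.csr'
$cn   = 'www.example.com'
$subj = "/C=IN/ST=ASSAM/L=Guwahati/O=My Company Ltd/OU=IT Department/CN=$cn"
$san  = "subjectAltName=DNS:$cn,DNS:example.com"

function Assert-OpenSsl([string]$What) {
    # openssl reports failure through its exit code, not a PowerShell error
    if ($LASTEXITCODE -ne 0) { throw "openssl failed: $What" }
}

# Step 1: 4096-bit RSA private key
openssl genrsa -out $key 4096
Assert-OpenSsl 'genrsa'

# Step 2: CSR with the subject given up front (no prompts) and a SAN extension
openssl req -new -key $key -out $csr -subj $subj -addext $san
Assert-OpenSsl 'req -new'

# Step 3a: self-signature check (openssl prints the verification result)
openssl req -in $csr -noout -verify
Assert-OpenSsl 'req -verify'

# Step 3b: the CSR must carry the public half of this private key
$keyMod = openssl rsa -in $key -noout -modulus
$csrMod = openssl req -in $csr -noout -modulus
if ("$keyMod" -ne "$csrMod") { throw 'CSR public key does not match the private key' }

# Step 3c: key size and SAN as the CA will see them
$text = (openssl req -in $csr -noout -text) -join "`n"
if ($text -notmatch 'Public-Key: \(4096 bit\)') { throw 'CSR key is not 4096-bit' }
if ($text -notmatch [regex]::Escape("DNS:$cn")) { throw "SAN for $cn is missing" }

'CSR checks passed: key matches, 4096-bit, SAN present'
```

Only domain.csr is sent to the CA; domain_private.key stays on the server.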