Generate CSR certificate signing request via command line and with OpenSSL

In this tutorial we’ll learn how you can use openssl to generate CSR and RSA Private key. CSR is needed when you issue paid SSL certificate.

A CSR (Certificate Signing Request) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA). The CSR validates the information the CA requires to issue a certificate.

RSA key is a private key based on RSA algorithm. Private Key is used for authentication and a symmetric key exchange during establishment of an SSL/TLS session. It is a part of the public key infrastructure that is generally used in case of SSL certificates. RSA keys are of 2 types for ssl certs i.e. the lengths are 2048 and 4096.

This command will generate CSR and RSA private key within seconds

For 2048 Key length :

openssl req -nodes -newkey rsa:2048 -sha256 -keyout domainname.key -out domainname.csr

For 4096 key length :

openssl req -nodes -newkey rsa:4096 -sha256 -keyout domainname.key -out domainname.csr

After you completed below form the 2 files are created domainname.key and domainname.csr in the same dir you’ve currently use pwd to get the current dir path

you’ll be asked below questions :

root@server:~# openssl req -nodes -newkey rsa:4096 -sha256 -keyout domainname.key -out domainname.csr
Generating a RSA private key
.....................................................................................................................................................................................................................................................................................++++
........++++
writing new private key to 'domainname.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:IN
Locality Name (eg, city) []:IN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WORDPRESS
Organizational Unit Name (eg, section) []:BLOG
Common Name (e.g. server FQDN or YOUR name) []:alphagnu.com
Email Address []:emailid@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:alphagnu
**A challenge password should be empty hit enter key

Type ls command to list if the files are generated :

root@server:~# ls
domainname.csr   domainname.key