How to generate a CSR in ...Step 1: Log in and generate private key
Log in to your server's terminal via Secure Shell (SSH). Generate a new private key using the command below if you don't already have one. Please keep the new private key private-key.pem safe and do not lose it. You will need to use the same private key to generate the CSR to renew the SSL certificate in the future.
openssl genrsa -out private-key.pem 2048
Step 2: Run Certificate Signing Request (CSR) generation command
Generate a new CSR with the newly created private key private-key.pem using the command below. Please change mydomain-com.csr filename based on your domain name so that it is easily to keep a track of.
openssl req -new -key private-key.pem -out mydomain-com.csr
Step 3: Enter your information
Enter CSR details when prompted.
Common Name: The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc.
Organization: The full legal name of your organization including the corporate identifier.
Organization Unit (OU): Your department such as ‘Information Technology’ or ‘Website Security.’
City or Locality: The locality or city where your organization is legally incorporated. Do not abbreviate.
State or Province: The state or province where your organization is legally incorporated. Do not abbreviate.
Country: The official two-letter country code (i.e. US, CH) where your organization is legally incorporated.
Note: You are not required to enter a password or passphrase. This optional field is for applying additional security to your key pair.
Step 4: Copy the CSR text from the file
Locate and open the newly created CSR in a text editor and copy all the text including:
-----BEGIN CERTIFICATE REQUEST-----
And
-----END CERTIFICATE REQUEST-----
And
-----END CERTIFICATE REQUEST-----
Step 5: Verify Certificate Signing Request (CSR) details
You can use the CSR Decoder online tool to verify the details of Certificate Signing Request (CSR).