How to generate CSR with OPENSSL?

Hello everyone!!!!

In my company, we need to generate a new csr to renew our certificate and so I’d like to share some information:

A Certificate Signing Request (CSR) is a cryptographic file created when requesting an SSL/TLS certificate for a website. It contains essential details about the domain and organization, and its purpose is to request a Certificate Authority (CA) to issue a certificate. There are some key elements in a CSR:

1- Common Name: The fully qualified domain name (e.g., www.burcumeken.com) for which the SSL certificate is requested.

2-Organization (O): The legal name of the organization.

3-Organizational Unit (OU): The department within the organization, e.g., “IT Department.”

4-Country (C): The country code (ISO format, e.g., US).

5-State/Province (ST): The state or province where the organization is registered.

6-City/Locality (L): The city where the organization is located.

7-Email Address: Sometimes included for CA communication.

You can also leave some fields blank or press Enter to skip optional ones.

Step 1: Verify OpenSSL Version

The version of OpenSSL installed on your system determines the cryptographic algorithms and protocols available for use. Checking your version is especially important when addressing potential issues or ensuring compatibility.

openssl version -a

The -a flag is used to enable Base64 encoding for output or input data in Linux OS in above.

Step 2:

openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out request.csr

In this command we are requesting new “csr” 2048 bit key with RSA cryptographic algorithm. You can see the output on below in macOS system:

You can show your private key by writing nano private.key in your terminal:

To check your csr file, you can use ls *.csr command:

After getting all files, you can verify your csr file by using the following command to view the contents of the CSR file before submitting it to a Certificate Authority (CA):

Once you receive your certificate, it’s important to confirm that the certificate details align with your private key.