How to create a Private Key and generate a CSR?


This article will outline the steps one needs to go through for creating a Private Key, generating a CSR (Certificate Signing Request), and submitting the CSR to a CA (Certificate Authority) provider.

Steps:

  • You will need to install OpenSSL. OpenSSL is available for both Windows and the many flavors of Linux.
  • Make a directory for each Private Key you plan to generate that will hold the Private Key and corresponding CSR. This will make it easier to keep track of the Private Keys and their corresponding CSRs.
➜  Desktop  mkdir myOrg-privatekey
➜  Desktop  cd myOrg-privatekey
➜  myOrg-privatekey  ls
➜  myOrg-privatekey
  • The following command will generate an RSA private key
➜  myOrg-privatekey  openssl genrsa -out myOrg-env.domain.com.key 2048
  • The following command will generate a CSR from the RSA private key
➜  myOrg-privatekey  openssl req -new -out myOrg-env.domain.com.csr -key myOrg-env.domain.com.key

You will be prompted to enter the following information:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Jose
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Apigee
Organizational Unit Name (eg, section) []:Global Service Center
Common Name (e.g. server FQDN or YOUR name) []:myOrg-env.domain.com
Email Address []:admin@domain.com

You will also be prompted for the following 'extra' attributes:

A challenge password []:
An optional company name []:

(These can be left empty at your discretion)

  • To create the Private Key and CSR at the same time, use the following command:
➜  myOrg-privatekey  openssl req -out myOrg-env.domain.com.csr -new -newkey rsa:2048 -nodes -keyout myOrg-env.domain.com.key

This will also prompt you for the following information:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Jose
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Apigee
Organizational Unit Name (eg, section) []:Global Service Center
Common Name (e.g. server FQDN or YOUR name) []:myOrg-env.domain.com
Email Address []:admin@domain.com
A challenge password []:
An optional company name []:
  • To verify the CSR you just created, use the following command:
➜  myOrg-privatekey  openssl req -noout -text -in myOrg-env.domain.com.csr
  • Now you can submit your CSR to a CA provider like Verisign, RapidSSL or one of the many others available.
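
The same steps as a non-interactive script, added here as an example (not part of the original article): it passes the subject fields shown above with -subj instead of answering prompts, restricts the key file to its owner, and checks that the CSR's self-signature verifies and that its public key is the one in the key file. The function names make_csr and csr_matches_key and the temporary working directory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# make_csr NAME: write NAME.key (RSA 2048, unencrypted because of -nodes,
# as in the article's one-step command) and NAME.csr in the current directory.
make_csr() {
    (
        umask 077   # key file is created readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$1.key" -out "$1.csr" \
            -subj "/C=US/ST=California/L=San Jose/O=Apigee/OU=Global Service Center/CN=$1/emailAddress=admin@domain.com" \
            2>/dev/null
    )
}

# csr_matches_key CSR KEY: succeed only if the CSR's self-signature verifies
# and the public key inside the CSR equals the one derived from KEY.
csr_matches_key() {
    out=$(openssl req -in "$1" -noout -verify 2>&1)
    case "$out" in
        *"verify OK"*) ;;
        *) return 1 ;;
    esac
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Demo in a throwaway directory (assumption of this example).
workdir=$(mktemp -d) && cd "$workdir" || exit 1
make_csr myOrg-env.domain.com || exit 1
if csr_matches_key myOrg-env.domain.com.csr myOrg-env.domain.com.key; then
    echo "CSR is well-formed and belongs to myOrg-env.domain.com.key"
fi
```

Running the key comparison before submission catches the case where a CSR in one directory was generated from a different key than the one stored beside it.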
Last update: 04-10-2015 03:05 PM