How to Generate CSR OpenSSL

CSR - CSR (Certificate Signing Request)  is a encrypted text block which created on server and later is used to create certificate by certificate authority . CSR files contains organization information and domain information.

We have different way to generate CSR file. Following are steps for generate CSR file with the help of OpenSSL.

Step 1.  Use following URL to download OpenSSL ,  I am downloading "Win32 OpenSSL v1.0.2d Light" version.  

https://slproweb.com/products/Win32OpenSSL.html


Step 2.  Install OpenSSL , remember to use "C:\OpenSSL-Win32" as a installation path


   

Step 3. Create a folder where you want generate CSR file, I created "OpenSSLCSR" in C drive. Like - "C:\ OpenSSLCSR"


Step 4. Now open command prompt and run following command to set OpenSSL configuration file path.
      
set OpenSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg



Step 5. Now go to Open SSL installed bin directory for example "C:\OpenSSL-Win32\bin".



To generate your Certificate request (CSR), specifying a SHA256 signature hash. Execute the below command.

openssl req -nodes -sha256 -newkey rsa:2048 -keyout C:\OpenSSLCSR\PrivateKey.key -out C:\OpenSSLCSR\CertificateRequest.csr


Step 6. When you will run this command it will ask you few information like

 

Example
Country Name <2 letter code> [AU]
Insert 2 letter country code like UK,IN,US
State or Province Name (full name) [Some-State]
Utter Pradesh

Locality Name (eg, city) []:
Noida
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Test Company

Organizational Unit Name (eg, section) []:
IT

Common Name (e.g. server FQDN or YOUR name) []:
mysite.com

Email Address []:
myemailid@gmail.com




Please enter the following 'extra' attributes to be sent with your certificate request
           

Example
A challenge password []
mypassword
An optional company name []:
Test Company




Step 7.  When command run successfully it will generate two files inside "C:\ OpenSSLCSR"
 folder

            PrivateKey.key - This file contains the un-encrypted version of your private key. Protect this file, as somebody who obtains it along with your signed public key can impersonate you.

     CertificateSigningRequest.csr - This file contains certificate signing request information . It is not a sensitive information. You need to send this file to certificate authority.

Content of PrivateKey.Key file looks like this.

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC0mpZjOB1NjFWn
6RQcCiT5sS+nE7zwMTw8O8u0D1S04YAoiYqvYvvut8Eo0BPt8ipPT7ToHi1k0xA5
phhTGo28idymYVI0erO+WCj4RMKYlQoFJ/i/MZzzvm5aCtfDM5Wv0ghNQdMI6EX1
/7y3TWsFortMeoR8c6YvFXcbBZEjdbnvAqc1Fv8ZkGNsrLutVg0l5K7aaRUIx3G0
djpixDPhKKpSypUc7KFNxnpJVchkvavC8xhRUBicnCUxfnYctTZSNUDdvfjrDczs
KCsBwQQXgqMz4d5e444jv94hYtNsTM14QsLrg4P9Udh+c4Aadrw5FF7SgEHXWKUq
dOY69enPAgMBAAECggEAIgZ5zMmWo7SLsq2zzzCOFMiv/J84Wlw8R/DQCOVWhRly
5rA7A533btsJtiG1j3+vPu/6WjzNOpCVHvdO3+FB0MJ8YpA1R5PSZ0r+tP9nVg3G
LICCWasEMduvuKEQU0NVsSE11TBQjP4NqDH9IN+iCRbGiLsQWM4FAhveK6YZ2P8U
en+crmTwq9SmZXB1ZOyHP0hPm3Ol6kA3HZJRB4k9bJudAxwV8yO9oMKTbf7rmH4U
QcOj8WbNMTLL3t1/zbwLzpcHwKr/UyI813phXegfOcqsoGeRq31ziCnOoOdiKnW9
9oRKs4dN1MgbO+vW67wmHKTlbPuOpfYkXnr3t+PlKQKBgQDwQd80Wp31415r8rQZ
FKdnyJwtVRYnwB/3ioQCH+dBlmlMMwV6A/l3Ewd6/fybf4EnZWPz0lA6IBiB6O91
AxnBypODeXULrtzb7W3x+ODU9DZgz5SQ4dTzspRfqPpAauexb8RqLEvMOYHtZ3/D
uTAwbZ9mBZ7K7U+1iNIoUmrKTQKBgQDAcBNbAmn2DvXQNG7iIzTKO6Q2t94a68Og
Rub9hoMGXY1i61pYrA/9XzZrffkVMCzOWMrh9eRtDUcYADtEdZCPCP5Ef9MTdyrI
sceeuljE4QjoR/m+dzUlnX3fp9OPIaicJFAgZXC1IUK4j5Rnu5cphVsYPDiy/Wzj
AykSZsdaiwKBgQCCnX0oLD+GByc1DoxkujrMjF6DsqdJ0wROAmsD8K47lPcH6xEG
JZUA7EJ71gr3ypi/fzqYunTNNNe+AJH2Dkp5dZU+u9ArGtSNaAYGr6QjgeTyOsft
AClSl3pcizQJw1TUvQuOISjQDU+ablMiZ9JP8bjfsRyD/AICkjCWpT/TXQKBgGmb
mCOz+W692wz+GXQlGg16Ga6lzVA83skQ4Cd2MGXH5ZXJz3UmSEgmfnkTUyTboVtE
w2KqTUfDp6Z2ShBR7JlyuAfjlnTySxqE5iYn4ht53CeNiHOMfDA+dBvPwHymXiAC
la6RvP7KWBFtSmZ7PoPc2Zc9RWiFR8J1s46TtQftAoGAJXloel0B73bxb2HFepku
wD7h5faUjcbRu6Y6bZ31AxcfgevnDvlIJ5Gxo/r2qQ28nmkILWVDF39TxCsqZeOW
YttkE/rhFQKdbcDA0Q8/JKSbJ8cLP7TOpzXBv6B7dpWM/vevZk5fLxTBZeKtIw7v
3qvE7CvMBz2rbzL81cDzEoA=
-----END PRIVATE KEY-----

Content of CertificateSigningRequest.csr file looks like this.

-----BEGIN CERTIFICATE REQUEST-----
MIIDDzCCAfcCAQAwgZIxCzAJBgNVBAYTAklOMRYwFAYDVQQIDA1VdHRlciBQcmFk
ZXNoMQ4wDAYDVQQHDAVOb2lkYTEVMBMGA1UECgwMVGVzdCBDb21wYW55MQswCQYD
VQQLDAJJVDETMBEGA1UEAwwKbXlzaXRlLmNvbTEiMCAGCSqGSIb3DQEJARYTbXll
bWFpbGlkQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ALSalmM4HU2MVafpFBwKJPmxL6cTvPAxPDw7y7QPVLThgCiJiq9i++63wSjQE+3y
Kk9PtOgeLWTTEDmmGFMajbyJ3KZhUjR6s75YKPhEwpiVCgUn+L8xnPO+bloK18Mz
la/SCE1B0wjoRfX/vLdNawWiu0x6hHxzpi8VdxsFkSN1ue8CpzUW/xmQY2ysu61W
DSXkrtppFQjHcbR2OmLEM+EoqlLKlRzsoU3GeklVyGS9q8LzGFFQGJycJTF+dhy1
NlI1QN29+OsNzOwoKwHBBBeCozPh3l7jjiO/3iFi02xMzXhCwuuDg/1R2H5zgBp2
vDkUXtKAQddYpSp05jr16c8CAwEAAaA3MBgGCSqGSIb3DQEJBzELDAlwYXNzb3dv
cmQwGwYJKoZIhvcNAQkCMQ4MDFRlc3QgQ29tcGFueTANBgkqhkiG9w0BAQsFAAOC
AQEAQAoD0uSsC+RZnv4QuoLZAumk3+dOOANnxUAoH0LuDPpxr6ezJrvy+78VDhOJ
9aIco69QKEVzb+Bji3MNOKyedXOiiTT+bzPH6ck4S994oIBLomaTKnoMD46wddrG
k4Odoifbf/GLiS4nh3Zalzu54eA7EmJGHYmaSe0brz2lSnfJcyvYRXo5QLMewAHU
XLT0MPXLKoZPuZJzE7ycKHiivld0tlX0hITCp2vvu5AG8/0VgUkgKXJdYDZVkDKQ
ZIG60AFf/hhNc4QkjBmdxHIwSi1kpKDA7OR0r5SAWnXCT/voRPg3ZoMBvTM0yl3H
8NTsAwCyGXXqEVf9jxGH/3pX8g==
-----END CERTIFICATE REQUEST-----
Previous
Next Post »
Thanks for your comment