Below is a description of how to generate a Certificate Signing Request ( CSR) with OpenSSL.
Call the program openssl to generate the prompt:
openssl req -nodes -new- newkey rsa : 2048 -out csr.pem
This creates a private key and a corresponding certificate request. Now following output appears on your screen :
# Generating a 2048 bit RSA private key
# ............................................... + + + + + +
............................ # + + + + + +
# Writing new private key to ' privkey.pem '
# You are about to be asked to enter information thatwill be incorporated
# Into your certificate request .
# What you are about to enter is what is called a Distinguished Name or a DN .
# There are quite a few fields but you can leave some blank
# For some fields there will be a default value ,
# If you enter ' . ' , The field will be left blank .
After that you are asked questions about the registration information.
- Enter the 2- stellingen country code (DE = Germany ) .
# Country Name (2 letter code ) [ AU ] : DE
- Enter your state .
# State or Province Name (full name) [ Some - State] : Berlin
- Enter your city.
# Locality Name ( eg , city ) : Berlin
- Enter your name or company name.
# Organization Name ( eg, company) [Pattern Company GmbH ] : Example AG.
- Enter the department in charge ( if any) .
# Organizational Unit Name (eg , section ) : ---
- Enter the exact domain name , which is to be protected by the certificate. Important: The certificate is then valid only for this input .
# Common Name (eg, YOUR name) : example.com
- Enter the email address of the person responsible .
# Email Address [ ] : firstname.lastname@example.org
- The following information is optional .
# Please enter the Following ' extra' attributes
# To be sent with your certificate request
# A challenge password :
# An optional company name [ ] :
The files privkey.pem and csr.pem, which include the private key and the certificate request, are now created.