Generating a CSR on Linux

If you are purchasing an SSL certificate from CeraNet (Order Online) then we offer easy to use web-based CSR/Private Key tools from within our portal after the purchase.  Further, you have the option to choose our concierge service where we offer full service support and installation of the certificate for you.  However, if you are purchasing a certificate elsewhere (or creating a self-signed certificate) for installation on linux server then you will need to generate the CSR/Private key using openssl on your server.

1) Check to see if OpenSSL already installed on your server and install if it is not.

Type the following on systems that use yum such as CentOS

rpm -qa | grep -i openssl

It should return something similiar to the following

openssl-1.0.1e-48.el6_8.1.x86_64
openssl-devel-1.0.1e-48.el6_8.1.x86_64
openssl-1.0.1e-48.el6_8.1.i686

If those package are not returned, you may install OpenSSL with the following command

yum install openssl openssl-devel

Type the following on debian-based systems such as Debian or Ubuntu

dpkg -l |grep openssl

It should return something similiar to the following

ii libgnutls-openssl27:amd64     2.12.23-12ubuntu2.4     amd64     GNU TLS library - OpenSSL wrapper
ii openssl                              1.0.1f-1ubuntu2.16       amd64     Secure Sockets Layer toolkit - cryptographic utility

If those package are not returned, you may install OpenSSL with the following command

apt-get install openssl

2) Generate the RSA key (Private Key)

Create a directory to store the key. Use any directory name you see fit.

mkdir ~/ssldir/
cd ~/ssldir/

Type the following to generate a private key. Substitute domain.com with your domain name.

openssl genrsa -out ~/ssldir/domain.com.key 2048

3) Create the CSR (Certificate Signing Request)

Type the following to generate a CSR. Replace domain.com with your domain name.

openssl req -new -sha256 -key ~/ssldir/domain.com.key -out ~/ssldir/domain.com.csr

You will prompted to enter information required for the CSR.

NOTE: The following characters cannot be used in the Organization name ot Organizational Unit: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

DN field Explanation Example
Common Name The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR’s common name must be www.yourdomain.com. Most issued certificates will also include yourdomain.com automatically (https://yourdomain.com) but you should check with your certificate provider to be certain. Wildcard certificates are prefixed with an asterisk: *.domain.com.
Organization Name The exact legal name of your organization. Do not abbreviate your organization name. CeraNet Inc
Organizational Unit Section of the organization. Internet Security
City or Locality The city where your organization is legally located. Columbus
State or Province The state or province where your organization is legally located. Do not use an abbreviation. Ohio
Country The two-letter ISO abbreviation for your country. US

Leave the challenge password blank (press enter).

4) Verify the CSR

Type the following to verify the CSR.

openssl req -noout -text -in ~/ssldir/domain.com.csr

5) Submit the CSR.

Submit the CSR to a certificate authority (RapidSSL, GeoTrust, Sectigo, etc) to have an SSL certificate issued to you.

You do not submit the private key.  Rather, retain the private key which you will use to install your issued SSL certificate once received from the certificate authority.

NOTE: If you purchase an SSL certificate from CeraNet you may use our tools for CSR/Private key generation as previously mentioned in this article. Alternatively, you can purchase a certificate from CeraNet, generate your own CSR as outlined in this article and submit that CSR to CeraNet (via our portal) for certificate issuance.
  • 29 Users Found This Useful
Was this answer helpful?

Related Articles

Installing SSL Certificate

***You must have a dedicated IP to purchase and install a certificate on your site***1. Once you...

Creating CSR

***You must have a dedicated IP to purchase and install a certificate on your site***Sign In to...

Purchasing an SSL Certificate

***You must have a dedicated IP to install a certificate on your site***1. Sign In to our...

Purchasing an SSL Certificate

***You must have a dedicated IP to install a certificate on your site***1. Sign In to our...

Forcing HTTPS on IIS

If you have an SSL certificate on your web site and it is hosted by IIS then you may wish to...