{"id":12555,"date":"2019-03-28T00:26:44","date_gmt":"2019-03-28T00:26:44","guid":{"rendered":"http:\/\/www.appservgrid.com\/paw92\/?p=12555"},"modified":"2019-03-28T00:26:44","modified_gmt":"2019-03-28T00:26:44","slug":"how-to-generate-a-csr-certificate-signing-request-in-linux","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/03\/28\/how-to-generate-a-csr-certificate-signing-request-in-linux\/","title":{"rendered":"How to Generate a CSR (Certificate Signing Request) in Linux"},"content":{"rendered":"<p><strong>SSL Certificates<\/strong>\u00a0fall into two broad categories: 1)\u00a0<strong>Self-Signed Certificate<\/strong>\u00a0which is an identity certificate that is signed by the same entity whose identity it certifies-on signed with its own private key, and 2)\u00a0<strong>Certificates<\/strong>\u00a0that are signed by a CA (<strong>Certificate Authority<\/strong>) such as\u00a0<a href=\"https:\/\/www.tecmint.com\/category\/lets-encrypt\/\" target=\"_blank\" rel=\"noopener\">Let\u2019s Encrypt<\/a>,\u00a0<strong>Comodo<\/strong>\u00a0and many other companies.<\/p>\n<p><strong>Self-Signed Certificates<\/strong>\u00a0are commonly used in test environments for LAN services or applications. They can be generated for free using\u00a0<strong>OpenSSL<\/strong>\u00a0or any related tool. On the other hand, for sensitive, public-facing production services, applications or websites, it is highly recommended to use a certificate issued and verified by a trusted\u00a0<strong>CA<\/strong>.<\/p>\n<p>The first step towards acquiring an\u00a0<strong>SSL<\/strong>\u00a0certificate issued and verified by a\u00a0<strong>CA<\/strong>\u00a0is generating a\u00a0<strong>CSR<\/strong>\u00a0(short for\u00a0<strong>Certificate Signing Request<\/strong>).<\/p>\n<p>In this article, we will demonstrate how to create a\u00a0<strong>CSR<\/strong>\u00a0(<strong>Certificate Signing Request<\/strong>) on a Linux system.<\/p>\n<h3>Creating a CSR \u2013 Certificate Signing Request in Linux<\/h3>\n<p>To create a\u00a0<strong>CSR<\/strong>, you need the\u00a0<a href=\"https:\/\/www.tecmint.com\/install-openssl-from-source-in-centos-ubuntu\/\" target=\"_blank\" rel=\"noopener\">OpenSSL command line utility<\/a>\u00a0installed on your system, otherwise, run the following command to install it.<\/p>\n<pre>$ sudo apt install openssl  [On Debian\/Ubuntu]\r\n$ sudo yum install openssl  [On CentOS\/RHEL]\r\n$ sudo dnf install openssl  [On Fedora]\r\n<\/pre>\n<p>Then issue the following command to generate a\u00a0<strong>CSR<\/strong>\u00a0and the key that will protect your certificate.<\/p>\n<pre>$ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr\r\n<\/pre>\n<p>where:<\/p>\n<ul>\n<li><strong>req<\/strong>\u00a0enables the part of OpenSSL that handles certificate requests signing.<\/li>\n<li><strong>-newkey rsa:2048<\/strong>\u00a0creates a 2048-bit RSA key.<\/li>\n<li><strong>-nodes<\/strong>\u00a0means \u201cdon\u2019t encrypt the key\u201d.<\/li>\n<li><strong>-keyout example.com.key<\/strong>\u00a0specifies the filename to write on the created private key.<\/li>\n<li><strong>-out example.com.csr<\/strong>\u00a0specifies the filename to write the CSR to.<\/li>\n<\/ul>\n<p>Answer correctly, the questions you will be asked. Note that your answers should match information in legal documents regarding the registration of your company. This information is critically checked by the\u00a0<strong>CA<\/strong>\u00a0before issuing your certificate.<\/p>\n<div id=\"attachment_32109\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2019\/03\/generate-a-csr.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32109\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2019\/03\/generate-a-csr.png\" sizes=\"auto, (max-width: 922px) 100vw, 922px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2019\/03\/generate-a-csr.png 922w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2019\/03\/generate-a-csr-768x429.png 768w\" alt=\"Generate CSR in Linux\" width=\"922\" height=\"515\" aria-describedby=\"caption-attachment-32109\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-32109\" class=\"wp-caption-text\">Generate CSR in Linux<\/p>\n<\/div>\n<p>After creating your\u00a0<strong>CSR<\/strong>, view the contents of the file using a\u00a0<a href=\"https:\/\/www.tecmint.com\/13-basic-cat-command-examples-in-linux\/\" target=\"_blank\" rel=\"noopener\">cat utility<\/a>, select it and copy it.<\/p>\n<pre>$ cat example.com.csr\r\n<\/pre>\n<div id=\"attachment_32110\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2019\/03\/copy-csr-file-content.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32110\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2019\/03\/copy-csr-file-content.png\" alt=\"Copy CSR Key\" width=\"742\" height=\"439\" aria-describedby=\"caption-attachment-32110\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-32110\" class=\"wp-caption-text\">Copy CSR Key<\/p>\n<\/div>\n<p>Then go back to your CA\u2019s website, log in, go to the page will contain the SSL certificate you purchased, and activate it. Then in a window such as the one below, paste your CSR in the correct input field.<\/p>\n<p>In this example, we created a\u00a0<strong>CSR<\/strong>\u00a0for a multiple domain certificate purchased from\u00a0<strong>Namecheap<\/strong>.<\/p>\n<div id=\"attachment_32111\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2019\/03\/activate-csr-from-ca-website.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32111\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2019\/03\/activate-csr-from-ca-website.png\" sizes=\"auto, (max-width: 1113px) 100vw, 1113px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2019\/03\/activate-csr-from-ca-website.png 1113w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2019\/03\/activate-csr-from-ca-website-768x700.png 768w\" alt=\"Active CSR from CA Website\" width=\"1113\" height=\"1015\" aria-describedby=\"caption-attachment-32111\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-32111\" class=\"wp-caption-text\">Active CSR from CA Website<\/p>\n<\/div>\n<p>Then follow the rest of the instructions to initiate activation of your SSL certificate. For more information about OpenSSL command, see its man page:<\/p>\n<pre>$ man openssl\r\n<\/pre>\n<p>That\u2019s all for now! Always remember that the first step to getting your own SSL certificate from a CA is to generate a CSR. Use the feedback form below to ask any questions or share your comments with us.<\/p>\n<p><a href=\"https:\/\/www.tecmint.com\/generate-csr-certificate-signing-request-in-linux\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SSL Certificates\u00a0fall into two broad categories: 1)\u00a0Self-Signed Certificate\u00a0which is an identity certificate that is signed by the same entity whose identity it certifies-on signed with its own private key, and 2)\u00a0Certificates\u00a0that are signed by a CA (Certificate Authority) such as\u00a0Let\u2019s Encrypt,\u00a0Comodo\u00a0and many other companies. Self-Signed Certificates\u00a0are commonly used in test environments for LAN services or &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/03\/28\/how-to-generate-a-csr-certificate-signing-request-in-linux\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;How to Generate a CSR (Certificate Signing Request) in Linux&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12555","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/12555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=12555"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/12555\/revisions"}],"predecessor-version":[{"id":12556,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/12555\/revisions\/12556"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=12555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=12555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=12555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}