Generating a Certificate Signing Request

PART 1: Generating the Key Pair

    1. The utility “OpenSSL” is used to generate both Private Key (key) and Certificate Signing request (CSR). OpenSSL is usually installed under /usr/local/ssl/bin. If you have a custom install, you will need to adjust these instructions appropriately.
    2. Type the following command at the prompt:
      openssl genrsa –des3 –out 2048

Note: If you do not wish to use a Pass Phrase, do not use the -des3 command. It will however leave the private key unprotected.

    1. Enter the PEM Pass Phrase (This MUST be remembered)


  1. This will generate a 2048 RSA Private key, and stores it in the file

PART 2:Generating the CSR

    1. Type the following command at the prompt:
      openssl req –new –key –out

Note: You will be prompted for the PEM Pass Phrase if you included the “-des3” command. Type it in now.


NOTE: There is a known issue with Apache/OpenSSL Windows Based Installations. If you recevie an error with the above command, Please enter the following:
openssl req -new -key -out -config openssl.cnf

    1. Input the information for the Certificate Signing Request. This information will be displayed in the certificate.

Note: The following characters can not be accepted: < > ~ ! @ # $ % ^ * / ( ) ?.,&

      • Country Name (2 letter code) [AU]:GB
      • State or Province Name (full name) [Some-State]:London
      • Locality Name (eg, city) []:London
      • Organization Name (eg, company) [Internet Widgits Pty Ltd]:Global Sign
      • Organizational Unit Name (eg, section) []:IT
      • Common Name (eg, YOUR name) [] (Must be the FQDN – Fully Qualifed Domain Name)

Note: DO NOT Enter the following:

      • Email Address []:
      • A challenge password []:
      • An optional company name []:


  1. Please verify the CSR, to insure all information is correct. Use the following command:
    openssl req -noout -text -in
  2. The CSR will now be created, and can be submitted via the website.
Facebook Comments