Install OpenSSL on your computer if it is not already installed. OpenSSL is usually pre-installed on Linux, but you may need to install it on Windows or macOS. You can download OpenSSL from the OpenSSL website: https://www.openssl.org/source/
1 – Open a command prompt or terminal window.
2 – Navigate to the directory where you want to create the CSR and key.
3 – Generate a private key by typing the following command:
openssl genrsa -out private.key 2048
This command generates a 2048-bit private key and saves it in a file called “private.key” in the current directory.
4 – Create a CSR by typing the following command:
openssl req -new -key private.key -out csr.pem
This command creates a new CSR using the private key generated in step 4 and saves it in a file called “csr.pem” in the current directory.
5 – Follow the prompts to enter the information for the CSR. You will be asked for the following information:
- Country Name (2-letter code): Enter the two-letter country code for the country where your organization is located.
- State or Province Name (full name): Enter the full name of the state or province where your organization is located.
- Locality Name (eg, city): Enter the city where your organization is located.
- Organization Name (eg, company): Enter the name of your organization.
- Organizational Unit Name (eg, section): Enter the name of your department or division within your organization.
- Common Name (eg, fully qualified hostname): Enter the fully qualified domain name (FQDN) for the server that will be using the certificate. For example, if your website is located at “www.example.com”, enter “www.example.com”.
- Email Address: Enter an email address where you can be reached.
- Review the information you entered and confirm that it is correct.
6 – Save the CSR by typing the following command:
This command will display the CSR on the screen. You can copy and paste the contents of the CSR into a text file and submit it to a certificate authority to obtain a certificate.
That’s it! You have now created a CSR and key using OpenSSL.