Generate CSR (Certificate Signing Request) file in Apache

CSR file creation in Apache is a simple process. CSR (Certificate Signing Request) file contains a block of encoded text, which is given by the applicant to a certificate authority when applying for an SSL certificate. It is usually generated on the server where the certificate will be installed.

It contains information that will be included on the certificate such as the organization name, common name (domain name), locality, and country.

Command to create CSR file in Apache

Run the following command in the command terminal

 openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr  

In the above command, you have to use your domain name instead of ‘domain’. if it is a wildcard certificate, provide that wildcard also. Ex: mytypings.csr, *.mytypings.csr

Fields needed for the CSR certificate creation

Then it will ask you a list of fields needed for the CSR certificate creation. You have to provide those details. The following are those list of common fields.

Field Explanation Examples
Common Name Domain name *
Organization The legal name of the organization. such as Inc, Corp, or LLC. Mytypings Inc.
Organizational Unit The division of the organization IT Department
City/Locality The city where the organization is located. Chennai
State/County/Region The state/region where the organization is located. Tamil Nadu
Country The two-letter ISO code for the country where the organization is located. IN
Email address organization contact email address.

It will also ask some additional optional parameters like password, optional company name etc. But we may leave those details without providing any details.

Sample Commands

The following is a sample command line to create the CSR file

 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 Country Name (2 letter code) [AU]:IN
 State or Province Name (full name) [Some-State]:Tamil Nadu
 Locality Name (eg, city) []:Chennai
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mytypings, LLC
 Organizational Unit Name (eg, section) []:
 Common Name (e.g. server FQDN or YOUR name) []:*
 Email Address []:

 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:  

The following is a sample CSR file


The verify the entered details in the CSR file. Run the following command. it will show the details in that CSR file.

 openssl req -in domain.csr -noout -text  

Sarav Author


  • Lino Wisnieski

    (April 22, 2018 - 4:27 pm)


Leave a Reply

Your email address will not be published. Required fields are marked *