CSR file creation in Apache is a simple process. CSR (Certificate Signing Request) file contains a block of encoded text, which is given by the applicant to a certificate authority when applying for an SSL certificate. It is usually generated on the server where the certificate will be installed.
It contains information that will be included on the certificate such as the organization name, common name (domain name), locality, and country.
Command to create CSR file in Apache
Run the following command in the command terminal
openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
In the above command, you have to use your domain name instead of ‘domain’. if it is a wildcard certificate, provide that wildcard also. Ex: mytypings.csr, *.mytypings.csr
Fields needed for the CSR certificate creation
Then it will ask you a list of fields needed for the CSR certificate creation. You have to provide those details. The following are those list of common fields.
| Field | Explanation | Examples |
|---|---|---|
| Common Name | Domain name | *.mytypings.com mytypings.com |
| Organization | The legal name of the organization. such as Inc, Corp, or LLC. | Mytypings Inc. |
| Organizational Unit | The division of the organization | IT Department |
| City/Locality | The city where the organization is located. | Chennai |
| State/County/Region | The state/region where the organization is located. | Tamil Nadu |
| Country | The two-letter ISO code for the country where the organization is located. | IN |
| Email address | organization contact email address. | webmaster@mytypings.com |
It will also ask some additional optional parameters like password, optional company name etc. But we may leave those details without providing any details.
Sample Commands
The following is a sample command line to create the CSR file
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Tamil Nadu
Locality Name (eg, city) []:Chennai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mytypings, LLC
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.mytypings.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
The following is a sample CSR file
-----BEGIN CERTIFICATE REQUEST-----
MQQByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w
HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v
Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV
IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr
WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J
cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl
4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH
Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D
6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn
-----END CERTIFICATE REQUEST-----
The verify the entered details in the CSR file. Run the following command. it will show the details in that CSR file.
openssl req -in domain.csr -noout -text
Comments-
(April 22, 2023 - 4:27 pm)
Lino Wisnieski
Amusing…