CSR file creation in Apache is a simple process. CSR (Certificate Signing Request) file contains a block of encoded text, which is given by the applicant to a certificate authority when applying for an SSL certificate. It is usually generated on the server where the certificate will be installed.
It contains information that will be included on the certificate such as the organization name, common name (domain name), locality, and country.
Command to create CSR file in Apache
Run the following command in the command terminal
openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
In the above command, you have to use your domain name instead of ‘domain’. if it is a wildcard certificate, provide that wildcard also. Ex: mytypings.csr, *.mytypings.csr
Fields needed for the CSR certificate creation
Then it will ask you a list of fields needed for the CSR certificate creation. You have to provide those details. The following are those list of common fields.
|Common Name||Domain name||*.mytypings.com
|Organization||The legal name of the organization. such as Inc, Corp, or LLC.||Mytypings Inc.|
|Organizational Unit||The division of the organization||IT Department|
|City/Locality||The city where the organization is located.||Chennai|
|State/County/Region||The state/region where the organization is located.||Tamil Nadu|
|Country||The two-letter ISO code for the country where the organization is located.||IN|
|Email address||organization contact email firstname.lastname@example.org|
It will also ask some additional optional parameters like password, optional company name etc. But we may leave those details without providing any details.
The following is a sample command line to create the CSR file
----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:IN State or Province Name (full name) [Some-State]:Tamil Nadu Locality Name (eg, city) :Chennai Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mytypings, LLC Organizational Unit Name (eg, section) : Common Name (e.g. server FQDN or YOUR name) :*.mytypings.com Email Address : Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
The following is a sample CSR file
-----BEGIN CERTIFICATE REQUEST----- MQQByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl 4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D 6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn -----END CERTIFICATE REQUEST-----
The verify the entered details in the CSR file. Run the following command. it will show the details in that CSR file.
openssl req -in domain.csr -noout -text