Generate CSR (Certificate Signing Request) file in Apache

CSR file creation in Apache is a simple process. CSR (Certificate Signing Request) file contains a block of encoded text, which is given by the applicant to a certificate authority when applying for an SSL certificate. It is usually generated on the server where the certificate will be installed.

It contains information that will be included on the certificate such as the organization name, common name (domain name), locality, and country.

Command to create CSR file in Apache

Run the following command in the command terminal

 openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr  

In the above command, you have to use your domain name instead of ‘domain’. if it is a wildcard certificate, provide that wildcard also. Ex: mytypings.csr, *.mytypings.csr

Fields needed for the CSR certificate creation

Then it will ask you a list of fields needed for the CSR certificate creation. You have to provide those details. The following are those list of common fields.

Field Explanation Examples
Common Name Domain name *.mytypings.com
mytypings.com
Organization The legal name of the organization. such as Inc, Corp, or LLC. Mytypings Inc.
Organizational Unit The division of the organization IT Department
City/Locality The city where the organization is located. Chennai
State/County/Region The state/region where the organization is located. Tamil Nadu
Country The two-letter ISO code for the country where the organization is located. IN
Email address organization contact email address. webmaster@mytypings.com

It will also ask some additional optional parameters like password, optional company name etc. But we may leave those details without providing any details.

Sample Commands

The following is a sample command line to create the CSR file

 -----
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:IN
 State or Province Name (full name) [Some-State]:Tamil Nadu
 Locality Name (eg, city) []:Chennai
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mytypings, LLC
 Organizational Unit Name (eg, section) []:
 Common Name (e.g. server FQDN or YOUR name) []:*.mytypings.com
 Email Address []:
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:  

The following is a sample CSR file

 -----BEGIN CERTIFICATE REQUEST-----
MQQByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w
HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v
Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV
IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr
WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J
cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl
4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH
Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D
6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn
-----END CERTIFICATE REQUEST-----

The verify the entered details in the CSR file. Run the following command. it will show the details in that CSR file.

 openssl req -in domain.csr -noout -text  

Sarav Author

Comments

  • Lino Wisnieski

    (April 22, 2023 - 4:27 pm)

    Amusing…

Leave a Reply

Your email address will not be published. Required fields are marked *