Let’s generate a CSR for the domain hostingdada.net using OpenSSL

  • Login to your linux server as “root” via SSH through Putty
  • On the prompt type the following command to generate a CSR
 openssl req -new -newkey rsa:2048 -nodes -keyout hostingdada.net.key -out hostingdada.net.csr
  •  Enter the required information to complete generating the CSR as below
openssl req -new -newkey rsa:2048 -nodes -keyout hostingdada.net.key -out hostingdada.net.csr
Generating a 2048 bit RSA private key
writing new private key to 'hostingdada.net.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TN
Locality Name (eg, city) [Default City]:Chennai
Organization Name (eg, company) [Default Company Ltd]:HostingDada
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:hostingdada.net
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <leave if you don't want to fill this>
An optional company name []: <leave if you don't want to fill this>
  • Once this is done you will fine two files generated in the directory where you executed the command
[root@localhost ~]# ls -al
-rw-r--r--   1 root        root         1058 Aug 21 01:38 hostingdada.net.csr
-rw-r--r--   1 root        root         1704 Aug 21 01:38 hostingdada.net.key
  • CSR is the Certificate Signing Request that you need to submit to the Certificate Authority and .key is the unique private key that only works with the generated CSR. Make sure you keep the KEY safe or else the Certificate will not work and you have to re-key the certificate by generating a new CSR.