How To Generate Certificate Signing Request (CSR) with OpenSSL?

RSS
EMAIL
FACEBOOK
FACEBOOK
GOOGLE
GOOGLE
https://www.poftut.com/generate-certificate-signing-request-csr-with-openssl/
PINTEREST
PINTEREST
INSTAGRAM

OpenSSL provides different features about security and certificates. Public and Private Key cryptography also supported by OpenSSL. Websites, Firewalls and other applications uses Certificates in order to encrypt their network traffic or authenticate each other. In this tutorial we will look how to create Certificate Signing Request.

Generate RSA Key

Now we assume we do not have any Public and Private Key pair. If we have Public and Private key pair please skip to the second step. RSA is very popular and efficient asymmetric encryption algorithm used by a lot of security mechanisms.We can also use RSA in X509 certificates. In this step we will create create an RSA Private key with PEM format. This key size will be 2048 bit.

Generate RSA Key

Generate RSA Key

Certificate Signing

Certificate signing means an Authority or Certificate Authority have checked provided certificate and signed it with its private key. After that step the entities trust Certificate Authority will see and check the sign of the Certificate Authority in the signed Certificate. In order to sign Certificate we need to create a Certificate Signing Request (CSR) which is described below.

Create Certificate Signing Request (CSR)

We will generate a Certificate Signing Request (CSR) by pointing our private key. We will use req verb of the OpenSSL. We will use -sha256 as digest algorithm. The Certificate Signing Request file will be specified with -out option and will have .csr extension.

Create Certificate Signing Request (CSR)

Create Certificate Signing Request (CSR)

Verify Certificate Signing Request (CSR)

After create a Certificate Signing Request we can view the files and review it. We will use req verb again. We will use -noout and -text options to print to the shell.

LEARN MORE  How To Generate Ssh Key With ssh-keygen In Linux

Verify Certificate Signing Request (CSR)

Verify Certificate Signing Request (CSR)

Submit To The Certificate Authority

The last step is sending this myrequest.csr file to the Certificate Authorities like below. By the way naming our CSR with our URL will made is more practical and easy to read like poftut.csr

  • Thawte
  • RapidSSL
  • Lets Encrypt
  • Digicert
RSS
EMAIL
FACEBOOK
FACEBOOK
GOOGLE
GOOGLE
https://www.poftut.com/generate-certificate-signing-request-csr-with-openssl/
PINTEREST
PINTEREST
INSTAGRAM

You may also like...

Leave a Reply

Your email address will not be published.

Enjoy this blog? Please spread the word :)