H
10Corp Premium Hosting

How to Generate a CSR Using OpenSSL

Last Updated: March 2026 3 min read

SSL (Secure Socket Layer) certificates play a crucial role in securing data transmission over the internet. Whether you’re setting up a website, an application, or a server, having an SSL certificate ensures encrypted communication between the client and the server, safeguarding sensitive information from unauthorized access. Using the terminal with OpenSSL provides a straightforward and efficient approach to generating a CSR.

What Is a CSR?

A Certificate Signing Request (CSR) is a block of encoded text that is sent to a Certificate Authority (CA) when applying for an SSL certificate. It contains information about the organization and the domain name that the certificate will secure. The CSR is generated on the same server where the SSL certificate will be installed.

Generating a CSR with OpenSSL

  1. Open a terminal window and enter the following command:

    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

    Note: This command creates a private key file named server.key and a CSR named server.csr. You can replace server with your domain name or a preferred file name.

  2. You will be prompted for the following information:

    1. Country Name: Type the two-letter country code for your location (e.g., US), then press Enter.
    2. State or Province Name: Type the full name of your state or province, then press Enter.
    3. Locality Name: Type the town or city name for your location, then press Enter.
    4. Organization Name: Type your company or organization name, then press Enter.
    5. Organizational Unit Name: If needed, type the organizational unit, then press Enter. To leave this field blank, just press Enter.
    6. Common Name: Type the domain name that you want to secure with the SSL certificate, then press Enter.
    7. Email Address: Type the email address you want to associate with the certificate, then press Enter.
    8. Challenge Password: (Optional) Press Enter to skip.

    Common Name examples:

    • For a standard certificate: example.com
    • For a subdomain: subdomain.example.com
    • For a wildcard certificate: *.example.com

  3. OpenSSL generates the private key and CSR files based on the filenames used in the command. These files will be saved to your current directory.

Viewing and Verifying the CSR

To view the contents of your CSR, run:

cat server.csr

Note: If you changed the .csr file name, replace server with your chosen name.

To decode and verify the CSR details:

openssl req -in server.csr -noout -text

This will display the subject information, key size, and other details so you can confirm everything is correct before submitting the CSR to your Certificate Authority.

Using the CSR

Once your CSR is generated, you can submit it to your SSL certificate provider or Certificate Authority to issue your SSL certificate. You will typically paste the full contents of the .csr file — including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines — into the provider’s order form.

Important Notes

  • Keep your private key safe. The .key file generated alongside the CSR must remain secure and should never be shared publicly.
  • Match the private key to the certificate. The SSL certificate issued by the CA will only work with the private key generated alongside the CSR.
  • Use RSA 2048-bit or higher. Most Certificate Authorities require a minimum key length of 2048 bits.
Tags: ssl csr openssl certificate terminal
Back to SSL All Categories

Still need help?

Our support team is available 24/7 to assist you.

Open a Ticket Live Chat