What is CSR and How to Create It

A Certificate Signing Request (CSR) is one of the first steps towards obtaining your own SSL/TLS certificate. The encrypted CSR, created on the same server where the certificate is planned to be installed, contains information (such as domain name, organization, company contact details) that the Certificate Authority (CA) will use to create your certificate. The CSR also contains the public key that will be included in your certificate, signed by the corresponding private key.

CSR Generation Instructions

The process of generating a CSR depends on the platform you are using. Let's consider a step-by-step guide to generating an encrypted CSR request on popular Linux-like platforms such as UBUNTU, Debian, or CentOS. The beginning of the generation process is connecting SSH to the server or hosting. More details:

1. In the command line, enter the following command with sudo to generate a private key using the RSA algorithm with a key size of 4096 bits:

$ openssl genrsa -out private.key 4096

Where: private.key is the output file that contains the key;

1024(4096) is the required key size. For SGC certification technology, a 1024-bit key is required, while for others, a 4096-bit key is required.

2. After generating the private key, it is necessary to generate an encrypted CSR request. Applying the SHA-2 cryptographic hashing standard, enter the following command with sudo in the command line, using the just-generated private key:

$  openssl req -new -key private.key -out example.csr -sha256

Here: private.key is the previously generated private key file;

example.csr is the generated file containing the CSR.

3. To successfully complete the process of generating an encrypted CSR request, the system must request the company data for which the security certificate is being issued. The information should be entered in Latin letters. Be sure to provide correct organization data as it will be verified by the Certificate Authority.

It is crucial! The private key file private.key should be kept in a secure location, as it will be needed for installing the security certificate. It is forbidden to transmit or disclose the file contents as it violates data confidentiality, which will result in some measures being taken by the Certificate Authority.

Re-entering the generating command will create a completely different private key, for which a new CSR request is created, and a new certificate reissue is performed.

Have more questions about Hosting?