Generating a Certificate Signing Request

Updated 4 days ago by James Dunn

Generate the RSA key

Run the following commands to create a directory in which to store your RSA key, substituting a directory name of your choice:

mkdir ~/my_ssl/
cd ~/my_ssl/

Run the following command to generate a private key: should be changed to the domain used for your site such as this will help identify it for later use. It will match the common name used in the next step.
openssl genrsa -out ~/my_ssl/ 2048

If you receive an error here, verify that you have OpenSSL installed. Then try again.

Create a CSR

Type the following command to create a CSR with the RSA private key (output is in PEM format):

openssl req -new -sha256 -key ~/my_ssl/ -out ~/my_ssl/

When prompted, enter the necessary information for creating a CSR by using the conventions shown in the following table.

The following characters cannot be used in the Organization Name or the Organizational Unit: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

DN field



Common Name

The fully qualified domain name for your web server. This must be an exact match.

If you intend to secure the URL, then your CSR’s common name must be If you plan to get a wildcard certificate, make sure to prefix your domain name with an asterisk, for example: *

Organization Name

The exact legal name of your organization. Do not abbreviate your organization name.

Organizational Unit

Section of the organization.


City or Locality

The city where your organization is legally located.

Wellesley Hills

State or Province

The state or province where your organization is legally located. Do not use an abbreviation.



The two-letter ISO abbreviation for your country.


Warning: Leave the challenge password blank (press Enter). The FileHub Virtual Appliance does not support using a challenge password.

Verify your CSR

Run the following command to verify your CSR:

openssl req -noout -text -in ~/my_ssl/

How Did We Do?