User:Hef/Howto Create a CSR

From Pumping Station: One Wiki
Jump to: navigation, search

create the csr

   openssl req -out -new -newkey rsa:2048 -nodes -keyout

Your session will look like this.

Generating a 2048 bit RSA private key
writing new private key to ''
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [US]:
State or Province Name (full name) [Illinois]:
Locality Name (eg, city) [Chicago]:
Organization Name (eg, company) [Pumping Station One]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Notice that on, /etc/ssl/openssl.cnf has been configured with sane defaults for a lot of fields.

Do Not

  • Do not put a colon anywhere in any field. Openssl will let you. Your SSL vendor will let you and charge you. Then you will be sad.
    • notice that Pumping Station: One normally has a colon. (but don't put it)