Generate CSR in Simple Way

There are many ways in order to produce CSR (Certificate Signing Request) to get the SSL certification by CA (SSL provider). Most of the people create based on their device e.g F5 has their own feature to do such as well as other devices can do. But in this scenario i will let you guys know about how to generate CSR using openSSL regardless of the device you are using since it is dependent as long as you put the correct information along with required complexity of the encryption.

First thing first you may need to have the installer in your hand to begin the installation. I am using Windows 64bit version here.

If you are facing issue when downloading, please go to my useful link here. Pretty easy to install just click next until the end and now you are ready to rock!

Before start to generate the CSR please create text file and fill with below information. This will be helpful at later stage upon CSR creation.

[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
organizationalUnitName = Organization Unit (eg, division)
commonName = Common Name (e.g. server FQDN or YOUR name)
emailAddress = Email Address

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = mail.rachmadona.net
DNS.2 = pop.rachmadona.net
DNS.3 = imap.rachmadona.net

Put the file name into “SAN.CNF” and locate to the bin folder where the openSSL installed.

Now, time to generate the CSR. Go to the bin folder of OpenSSL and open command prompt. Execute the command as below; you may change “rachmadona.csr & rachmadona.key as per needed.

C:\OpenSSL-Win64\bin>openssl req -out rachmadona.csr -newkey rsa:2048 -nodes -keyout rachmadona.key -config san.cnf

Generating a 2048 bit RSA private key
……..+++
……………….+++
writing new private key to ‘rachmadona.key’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) []:ID
State or Province Name (full name) []:Jakarta
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) []:PT. SMARTNET
Organization Unit (eg, division) []:IT
Common Name (e.g. server FQDN or YOUR name) []:rachmadona.net
Email Address []:me@rachmadona.net

Once done it will produce two files there:

  1. rachmadona.csr (this is the CSR file which you need to give to the SSL provider)
  2. rachmadona.key (private key which you need to keep for SSL installation)

We can verrify the CSR whether it is valid by following this link https://www.sslshopper.com/csr-decoder.html

Put the CSR text there and see the result.

Hope this helps.

Leave a Reply

Hi there, welcome to my personal blog. Hope you enjoy visiting here. If you’d like to get in touch with me for either commercial and training purpose, feel free to reach my contact page. Cheers!