There are just a few simple steps to generate a Certificate Signing Requets you can pass off to your Certificate Authority of choice. After you’ve completed the steps in this guide, you’ll have a CSR ready to pass off to your Certificate Authority of choice.

First, you’ll need to make sure you have an openssl package installed. You can do this by running

$ which openssl /usr/bin/openssl

You should see a full path to the openssl binary if it’s installed and present on your system.

Installation

FreeBSD

OpenSSL is included in the base world installation, so you’re all set to go. You can additionally install an updated version via ports security/openssl

CentOS

yum install openssl openssl-devel

Ubuntu

apt-get install openssl

MacOS

OpenSSL is included by default, if you prefer an updated installation, you can use brew install openssl to install OpenSSL via HomeBrew

Generate your Key & CSR

Here, we’ll generate a RSA Private Key & CSR for our domain, svwh.net.

openssl genrsa -out ~/ssl/svwh.net.key 2048

or

openssl genrsa -out ~/ssl/svwh.net.key 4096

if you prefer a 4096-bit RSA key.

Now, you’ll run the command to generate the CSR. OpenSSL will prompt you for the details using any defaults you may have configured.

openssl req -new -sha256 -key ~/ssl/svwh.net.key -out ~/ssl/svwh.net.csr

Example Invocation:

$ openssl req -new -sha256 -key ~/ssl/svwh.net.key -out ~/ssl/svwh.net.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:California
Locality Name (eg, city) []:San Jose
Organization Name (eg, company) []:Silicon Valley Web Hosting LLC
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:www.svwh.net
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:

Your CSR is now present in ~/ssl/svwh.net.csr. If you want, you can use openssl to confirm you entered everything as expected. Information supplied in the previous command will be visible in the Subject line of the certificate:

openssl req -in ~/ssl/svwh.net.csr -text -noout

Example Invocation:

$ openssl req -in ~/ssl/svwh.net.csr -text -noout
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=California, L=San Jose, O=Silicon Valley Web Hosting LLC, CN=www.svwh.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:a7:99:4d:7b:59:ac:12:9c:13:e0:3e:43:34:e0:
                    0c:e8:19:fb:3a:ce:ff:97:1f:14:97:41:d7:c4:f3:
                    d2:fd:f5:f3:bd:a6:e6:8e:ec:6f:7e:71:63:8e:0e:
                    3c:59:ca:aa:01:d7:d8:a7:e0:a6:ac:37:c0:c3:a5:
                    f7:96:ab:15:7a:2f:09:87:46:37:fa:7d:92:05:94:
                    42:fa:5c:e3:b7:ff:3b:b7:c2:f1:28:3b:12:9b:cd:
                    95:20:58:8d:f4:c2:b8:f5:0b:4e:60:25:5b:0f:4e:
                    5c:bb:98:ba:aa:55:32:73:3f:9b:df:c7:52:9d:53:
                    9d:75:88:0c:bb:46:db:75:4d:79:03:76:a9:9c:5d:
                    b8:cd:ca:82:fb:80:aa:fc:ef:34:8b:be:3c:c7:5f:
                    9b:d3:5f:51:d3:34:2f:c7:b5:02:51:2e:4b:4c:52:
                    f6:4a:79:ff:48:ce:69:53:58:31:9f:a6:b4:7d:33:
                    5d:16:ad:3e:b9:c2:f3:5c:1e:b0:c2:91:95:bd:03:
                    11:79:12:af:f3:8c:f2:7d:99:1c:9b:c2:c1:c2:5a:
                    f9:da:e9:7f:41:9a:e3:c2:a2:6b:d7:91:85:4c:0b:
                    cc:f0:1b:d1:95:dd:61:81:86:80:16:5a:04:8c:75:
                    c1:43:2b:58:d0:51:d1:c6:18:d0:89:76:f7:66:75:
                    55:4f:b9:77:ee:ca:6d:e2:e3:64:d1:f1:2c:19:15:
                    e6:62:be:d6:34:5f:90:48:81:99:88:28:53:0a:96:
                    f5:e4:03:c3:11:13:2b:83:8f:f4:de:3d:56:04:9d:
                    a1:80:9c:0b:96:83:9a:0f:f4:07:53:bd:b2:ce:d3:
                    e1:b8:6a:40:ab:c8:4f:f8:c4:9f:31:39:b2:5c:ad:
                    72:6e:e5:28:0d:57:76:5d:6b:fc:32:4a:77:24:bf:
                    2a:0a:9d:fa:8c:87:93:da:df:33:9a:2f:26:6b:6b:
                    dd:7c:a8:2d:36:5c:cb:d4:ca:1b:4c:f1:58:77:dd:
                    1b:d1:8e:82:88:6c:5e:59:c0:df:f9:71:56:a0:5c:
                    3a:52:fc:a5:b9:28:29:c8:a5:43:28:fb:d4:c9:d2:
                    bb:14:34:2b:13:e8:93:23:af:26:25:de:35:87:a8:
                    64:c4:7a:a9:15:78:13:33:4d:33:70:02:6e:27:58:
                    10:af:10:49:3b:c2:b0:40:91:47:11:6e:25:da:e5:
                    82:3b:a0:57:3b:0e:5c:78:03:a8:2a:2f:52:50:8d:
                    df:69:19:d5:24:d1:bc:fe:38:c5:15:22:67:67:4d:
                    87:d9:74:d9:af:3a:58:0d:c2:59:49:6b:c9:83:35:
                    d7:e2:4b:1f:5f:4f:10:3a:1f:2c:20:66:55:64:f3:
                    a0:f8:07
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         10:b2:69:b6:f9:bf:74:2f:2c:d6:3a:36:d4:06:ca:e2:21:ce:
         0a:9d:45:8d:5d:80:d2:25:e5:43:e3:69:44:b1:b3:6e:41:79:
         b8:54:90:2a:5b:4a:f2:fc:42:d4:e0:03:f6:9b:4e:66:2e:fa:
         17:92:05:e2:39:f9:17:3b:55:f1:54:34:9d:e7:2f:cd:85:4d:
         e1:4d:af:c7:d4:e8:4c:9b:de:bb:d6:64:9e:70:0e:43:03:78:
         0a:27:31:66:2c:ab:16:ec:d4:86:c9:ef:7d:95:73:a3:77:17:
         be:bf:ce:9f:1d:ce:7b:38:fe:18:7f:20:b5:f5:83:39:51:45:
         85:19:08:38:17:2a:b0:15:50:fb:a0:be:e5:98:7a:32:b0:e0:
         6d:2d:05:47:de:70:f8:df:f7:6d:0b:d5:7a:25:ce:af:d3:92:
         c6:98:86:b1:8c:10:76:5e:93:f1:d0:fb:a0:d1:c1:76:b5:2a:
         3a:23:98:00:23:24:ac:88:88:0f:a9:a3:0f:be:88:0f:14:48:
         d4:b7:c8:91:13:9c:04:8e:70:72:73:cf:2f:fc:b3:ab:9e:11:
         20:33:22:a6:a8:79:fc:18:a6:c6:f4:7a:c1:20:4f:d4:84:e2:
         bb:89:99:9a:6f:4a:11:78:b6:85:f6:cd:0f:02:a9:ae:f5:e8:
         b0:54:42:5d:ec:a0:c9:ca:45:16:5f:24:e4:2f:93:3f:ac:55:
         94:ce:ea:d3:a6:f3:fc:a7:63:6c:a2:af:b0:32:61:02:71:a3:
         02:bc:7e:3c:ed:aa:c5:bd:fc:98:53:49:6b:e5:70:36:04:1f:
         10:43:44:f7:a9:8b:68:b1:fc:e4:7b:4b:fb:f3:a6:5e:ec:61:
         50:30:cb:e6:cb:36:34:ad:f6:17:f1:2e:28:01:c0:5c:b0:d7:
         f4:b7:ec:8e:fe:91:e4:9b:49:8d:36:ca:e8:3c:e5:a5:24:66:
         2b:1c:0d:ac:6d:64:6b:86:bf:af:b0:88:d0:4b:de:7a:6a:46:
         8d:eb:62:fa:7e:55:3e:15:2f:70:89:d4:5f:b7:c6:0a:5a:65:
         9c:aa:26:51:8d:68:b8:6f:6b:da:46:09:b6:da:84:51:9a:a4:
         1c:8d:d1:5e:68:f3:5d:c8:8c:59:06:0b:92:ca:4c:5e:c1:6f:
         b6:60:fd:0f:51:9f:e2:bc:24:5a:6b:06:ca:75:3c:e9:67:37:
         30:51:2f:58:b8:f3:08:eb:f8:b2:5a:82:c1:bc:36:b3:d6:c0:
         07:36:a4:6c:b3:66:43:35:b4:cc:d0:90:d8:4c:e6:63:e3:84:
         f4:5a:0a:9e:65:8a:83:89:15:bf:da:42:e6:d7:94:ee:1d:23:
         cd:db:21:d3:62:75:80:81

Your SSL Certificate Signing Request is now ready to be handed off to the Certificate Authority of your choice. If you’d like to purchase your SSL certificate through SVWH, you can find information about pricing and how to order at https://www.svwh.net/ssl-certificates.html