Generate a CSR with OpenSSL in Ubuntu 18.04

In this post we will look at how to generate a CSR with OpenSSL on Ubuntu 18.04 that can be uploaded to a third party certificate authority like GoDaddy, Digicert, or Verisign.

Open Terminal or a command prompt and login to your server via SSH.
Then paste the following OpenSSL command modifying “yourdomain” to reflect the domain you will eventually add to the certificate.

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

You will then be prompted to answer the following information where applicable:

Generate a CSR with OpenSSL questions

Common Name: The fully-qualified domain name, or URL, you’re securing.

If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *

Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.

Organization Unit: If applicable, enter the DBA (doing business as) name.

City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.

State or Province: Name of the state or province where your organization is located. Do not abbreviate.

Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.

There may be some additional prompts such as a challenge password and an additional company name.

Once you have filled out the necessary information it will generate a CSR with OpenSSL and save both the CSR and Key in your current directory. From there you can use it directly from the server or even SCP the file over to a different computer. You will want to follow the steps from your certificate authority in order to generate an appropriate third party cert for your server or web application.

If you need to perform additional tasks on your certificate, OpenSSL is a great tool. You can easily pull up documentation by searching the web. Most certificate authorities will have info as well. If you need to convert .pfx to .pem check out this post

Check out the official documentation to learn more about using certificates with Ubuntu 18.04.

About Admin

IT Director in Austin TX • Husband & Father • Apple and Linux aficionado • Passionate about connecting w/ & supporting educators to improve teaching and learning.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *