[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

[YouTube] Beyond official channel “Biyomaru Channel”

How to create a CSR file in 3 steps

This is Nakagawa from the System Solutions Department.

I've had several occasions recently where I created a CSR file before applying for an SSL certificate.

I record the work details each time, but just when I forget, I get a request to create one.

I also wrote a blog post to organize the information.

 

What is a CSR file?

Certificate Signing Requests
which is a file containing personal or corporate information related to the domain (site) for which you are applying for a certificate

The contents of the file will be explained later.

Some certificate sales agencies will also undertake the creation of certificates for you if you provide the necessary information at the time of application.

Can be used when it is necessary to create it on the applicant side

We will introduce how to create a CSR file using the openssl command.

 

1. Create a key file

First, before creating the CSR file, generate the corresponding key file.

Change to your working directory and run the following command:

openssl genrsa 2048 [key file name].key

The above command is for not setting a passphrase.

To set the passphrase, run it with the option "-des3".

openssl genrsa -des3 2048 [Key file name].key

However, you will need to enter the passphrase each time you create a CSR file or use the key file.

Every time apache or nginx is restarted on other servers

We do not require you to enter a passphrase due to the hassle of entering it.

 

2. Generate CSR file

openssl req -new -key [Key file name].key -out [CSR file name].csr

After executing the command, enter the following questions.

Country Name (2 letter code) [XX]: 2 letter country code State or Province Name (full name) []: Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]:Company name Organizational Unit Name (eg, section) []:Department name Common Name (eg, your name or your server's hostname) []:Domain name (FQDN) Email Address []:Email address enter Please the following 'extra' attributes to be sent with your certificate request A challenge password []:Enter blank An optional company name []:Enter blank

Once you have entered the above information, your CSR file will be created!

In extreme terms, as long as the CommonName is entered correctly, it will be established as a CSR file.

The contents are left to the convenience of the creator.

 

3. Consistency check

Check the integrity of the two files generated in 1. and 2.

You can decrypt each file with the following command:

openssl rsa -text -noout -in [Key file name].key openssl req -text -noout -in [CSR file name].csr

 

When you run it, you will see the output starting with "Modulus=".

 

Modulus=A11E0ABEB629...

 

If there is no difference between the two output decryption results, the consistency check is complete.

However, after decrypting the two files and using a difference checking tool like WinMerge,

If you are having trouble checking the differences, try the following command.

diff <(openssl rsa -text -noout -in [key file name].key) <(openssl req -text -noout -in [CSR file name].csr)

 

If the diff command does not display any results, it means that the two files have the same decryption result.

thank you for your hard work!

After creating the file, feel free to use it by copying it to your local environment.

Thank you for reading this far.

If you found this article helpful , please give it a like!
4
Loading...
4 votes, average: 1.00 / 14
6,346
X facebook Hatena Bookmark pocket
[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

The person who wrote this article

About the author

Sakina Nakagawa

I joined the company in 2016 as a new graduate. Lately, I've been having fun learning the basics of servers.