How to create a CSR file in 3 steps

This is Nakagawa from the System Solutions Department.
Recently, I have had several opportunities to create a CSR file before applying for an SSL certificate
I record the work I do each time, but when I have forgotten about it, I get a request to create it
I also wrote a blog post to organize the information
What is a CSR file?
CSR stands for Certificate Signing Request
It is a file containing personal or corporate information related to the domain (site) applying for a certificate
The contents of the file will be explained later
Some certificate sales agencies will also create it on your behalf if you provide the necessary information when applying
The method below can be used when the applicant needs to create it themselves
We will show you how to create a CSR file using the openssl command
1. Create a key file
Before creating a CSR file, you must first generate the corresponding key file
Change to the working directory and run the following command:
openssl genrsa -out [key file name].key 2048
The above command is for when you do not set a passphrase
To set a passphrase, run it with the option "-des3"
openssl genrsa -des3 -out [key file name].key 2048
However, you will need to enter the passphrase when creating a CSR file or using the key file thereafter
We have decided not to set a passphrase, because on the other servers I am running it would mean the hassle of entering one every time Apache or nginx is restarted
2. Generate a CSR file
openssl req -new -key [key file name].key -out [CSR file name].csr
After executing the command, you will be prompted with the following questions:
Country Name (2 letter code) [XX]: 2 letters of the country code
State or Province Name (full name) []: Prefecture name
Locality Name (eg, city) [Default City]: City/town name
Organization Name (eg, company) [Default Company Ltd]: Company name
Organizational Unit Name (eg, section) []: Department name
Common Name (eg, your name or your server's hostname) []: Domain name (FQDN)
Email Address []: Email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: Press Enter without filling in anything
An optional company name []: Press Enter without filling in anything
Once you've completed the above steps, your CSR file will be created!
To put it simply, as long as the Common Name is entered correctly, the CSR file will be valid
What you enter in the other fields is left to the discretion of the person creating the file
3. Consistency check
Verify that the two files generated in steps 1 and 2 are consistent with each other
You can print the modulus of each file with the following commands:
openssl rsa -modulus -noout -in [key file name].key
openssl req -modulus -noout -in [CSR file name].csr
When you run it, you will see output starting with "Modulus="
Modulus=A11E0ABEB629...
If there is no difference between the two outputs, the consistency check is complete
You can also save the two outputs and compare them with a tool like WinMerge
If you don't want to bother checking the differences, try the following command:
diff <(openssl rsa -modulus -noout -in [key file name].key) <(openssl req -modulus -noout -in [CSR file name].csr)
If the diff command returns no output, the key file and the CSR file have the same modulus
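The three steps above as one script that runs without prompts (an added example, not part of the original post). The file names, the subject values passed to -subj and the function names are assumptions; it also shows a key that does not belong to the CSR being rejected by the modulus comparison.

```shell
#!/bin/sh
# Added example: steps 1-3 without prompts. File names, subject values and
# function names are constructed placeholders, not taken from the post.

# Step 1: unencrypted 2048-bit RSA key; umask 077 keeps it owner-only (0600),
# which matters because no passphrase protects the file.
make_key() {
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null )
}

# Step 2: CSR for the key; -subj answers the interactive questions up front.
# $3 is the Common Name (FQDN).
make_csr() {
    openssl req -new -key "$1" -out "$2" \
        -subj "/C=JP/ST=Osaka/L=Osaka/O=Example Corp/CN=$3"
}

# Step 3: return 0 only when key and CSR print the same "Modulus=" line.
csr_matches_key() {
    key_mod=$(openssl rsa -modulus -noout -in "$1" 2>/dev/null) || return 1
    csr_mod=$(openssl req -modulus -noout -in "$2" 2>/dev/null) || return 1
    [ -n "$key_mod" ] && [ "$key_mod" = "$csr_mod" ]
}

# Demo: a matching pair, then an unrelated key that the check must reject.
demo() {
    dir=$(mktemp -d) || return 1
    make_key "$dir/www.key" && make_csr "$dir/www.key" "$dir/www.csr" www.example.com
    make_key "$dir/other.key"
    for key in www.key other.key; do
        if csr_matches_key "$dir/$key" "$dir/www.csr"; then
            echo "$key: matches www.csr"
        else
            echo "$key: does NOT match www.csr"
        fi
    done
    rm -rf "$dir"
}

demo
```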
Thank you for your hard work!
After creating the file, feel free to use it by copying it to your local environment
Thank you for reading this far