How to create a CSR file in 3 steps

This is Nakagawa from the System Solutions Department.

I've had several occasions recently where I created a CSR file before applying for an SSL certificate.

I record the work details each time, but just when I forget, I get a request to create one.

I also wrote a blog post to organize the information.

 

What is a CSR file?

Certificate Signing Requests
which is a file containing personal or corporate information related to the domain (site) for which you are applying for a certificate

The contents of the file will be explained later.

Some certificate sales agencies will also undertake the creation of certificates for you if you provide the necessary information at the time of application.

Can be used when it is necessary to create it on the applicant side

We will introduce how to create a CSR file using the openssl command.

 

1. Create a key file

First, before creating the CSR file, generate the corresponding key file.

Change to your working directory and run the following command:

openssl genrsa 2048 [key file name].key

The above command is for not setting a passphrase.

To set the passphrase, run it with the option "-des3".

openssl genrsa -des3 2048 [Key file name].key

However, you will need to enter the passphrase each time you create a CSR file or use the key file.

Every time apache or nginx is restarted on other servers

We do not require you to enter a passphrase due to the hassle of entering it.

 

2. Generate CSR file

openssl req -new -key [Key file name].key -out [CSR file name].csr

After executing the command, enter the following questions.

Country Name (2 letter code) [XX]: 2 letter country code State or Province Name (full name) []: Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]:Company name Organizational Unit Name (eg, section) []:Department name Common Name (eg, your name or your server's hostname) []:Domain name (FQDN) Email Address []:Email address enter Please the following 'extra' attributes to be sent with your certificate request A challenge password []:Enter blank An optional company name []:Enter blank

Once you have entered the above information, your CSR file will be created!

In extreme terms, as long as the CommonName is entered correctly, it will be established as a CSR file.

The contents are left to the convenience of the creator.

 

3. Consistency check

Check the integrity of the two files generated in 1. and 2.

You can decrypt each file with the following command:

openssl rsa -text -noout -in [Key file name].key openssl req -text -noout -in [CSR file name].csr

 

When you run it, you will see the output starting with "Modulus=".

 

Modulus=A11E0ABEB629...

 

If there is no difference between the two output decryption results, the consistency check is complete.

However, after decrypting the two files and using a difference checking tool like WinMerge,

If you are having trouble checking the differences, try the following command.

diff <(openssl rsa -text -noout -in [key file name].key) <(openssl req -text -noout -in [CSR file name].csr)

 

If the diff command does not display any results, it means that the two files have the same decryption result.

thank you for your hard work!

After creating the file, feel free to use it by copying it to your local environment.

Thank you for reading this far.