SSL Certificates have become an essential requirement for any live website. SSL certificates are verified and issued by a Certificate Authority (CA). These certificates have two categories:

  • Self-Signed certificates: Signed by an entity creating it rather than a trusted certificate authority. Mostly used for trial and development purposes and on an intranet environment.
  • CA Certificates: Signed by a trusted CA (Certificate Authority) such as Verisign, DigiCert, GoDaddy,Thawte, etc.

The first step towards acquiring an SSL certificate is generating a CSR and submitting it to the CA. A CSR or certificate signing request is a block of encrypted text sent from an entity to a certificate authority when applying for SSL certificate. It contains all the information including the organization’s name, country, city, email address, etc. that is required for the generation of an SSL certificate.

In this article, I will demonstrate to you how to generate CSR on Ubuntu 18.04 LTS.

For generating CSR on Ubuntu OS, you will require OpenSSL tool. OpenSSL is an open source tool widely used for generating a CSR. To check whether OpenSSL is installed or not, open the Terminal by pressing Ctrl+Alt+T and then type the below command:

dpkg -l |grep openssl

If it is already installed, it will return the following results.

Check if OpenSSL is installed

Installing OpenSSL

If you don’t see the above results, enter the below command in order to install OpenSSL.

Install OpenSSL

Generating a CSR with OpenSSL

There are two steps involved in generating a certificate signing request (CSR). First, you have to generate a private key, and then generate CSR using that private key.

Step 1: Generate a private key

Enter the following command in the Terminal with sudo to generate a private key using RSA algorithm with a key length of 2048 bits.

$ sudo openssl genrsa –out domain.key 2048

Replace domain with your own domain name.

Generate new SSL/TLS key

Above command will generate a private key named domain.key and place it in your current directory.

Step 2: Generate the CSR

After generating the private key, you will need to generate CSR. Enter the below command to generate CSR using the newly generated private key.

$ sudo openssl req –new –key domain.key –out domain.csr

You will be prompted to enter a few details like Country name, State, Organization name, email address, etc. Make sure to enter the right information, as it will be checked by a certificate authority.

Generate the CSR

This command will generate a CSR file named domain.csr and put it in your current directory.

Alternative Method of generating a CSR

Alternatively, there is a single command that will create a private key and then generate CSR simultaneously. The command syntax is as follows:

$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

Replace domain in the above command with your own domain.

Enter few details like Country name; State, Organization name, email address, etc. and make sure to enter right information as it will be later checked by a certificate authority.

SSL Key and CSR creation in single command

Above command will generate a private key and CSR named domain.key and domain.csr respectively and put it in your current directory.

View and copy the content of a private key

You can view and keep the private keys on your server that you may need later. However, do not share it with anyone. To view the contents of the private key file, navigate to the directory where the key file is stored. Then run the below method as sudo:

$ sudo cat domain.key

To copy the contents of the private key file, select and copy the entire content including the “BEGIN PRIVATE KEY” and “END PRIVATE KEY” tags.

View private key file content

View and copy contents of CSR file

You will need to send the CSR file to a certificate signing authority by copy-pasting the entire content of CSR file to certificate authority.

To view the content of the CSR file, navigate to the directory where the CSR file is stored. Then run the below method as sudo:

$ sudo cat domain.csr

To copy the contents of the CSR file, select and copy the entire content including the “BEGIN CERTIFICATE REQUEST” and “END CERTIFICATE REQUEST” tags.

Copy CSR file content

That was all you need to know about generating a certificate signing request (CSR). Now you can get an SSL certificate from certificate signing authority by pasting the content of CSR file on the order form when enrolling for SSL certificate.

How to Generate a Certificate Signing Request (CSR) on Ubuntu