Table of Contents
2
Home » Wiki » How to Generate a CSR in CentOS: A Step-by-Step Guide

How to Generate a CSR in CentOS: A Step-by-Step Guide

by | SSL Certificate

Generate CSR in CentOS

Beginner’s Guide to Generate CSR in CentOS

A CSR or Certificate Signing Request is required to obtain an SSL certificate for securing connections to your website. Generating a CSR in CentOS involves using the openssl command to create the CSR file.

This step-by-step guide will show you how to generate a CSR in CentOS 7/8 using the openssl tool. We will cover:

6 Easy Steps You Can Follow For CSR Generation in CentOS using OpenSSL Commands

Generating a CSR in CentOS involves using the OpenSSL command.

  • Install openssl
  • Create the Private Key
  • Generate the CSR
  • Enter Certificate Details
  • Verify the CSR Contents
  • Prepare CSR for Submission

Also Read: How to Install an SSL Certificate on Centos 7

1. Install OpenSSL

Check if OpenSSL is installed using:

openssl version

If not installed, run:

sudo yum install openssl

This will install openssl if missing.

2. Create the Private Key

The CSR requires a private key. Generate one with:

openssl genrsa -out yourdomain.key 2048

Replace ‘yourdomain’ with your real domain name.

The key length is 2048 bits. You can use 4096 for even stronger security. Remember to backup the key file.

3. Generate the CSR

Use the private key to generate the CSR:

openssl req -new -key yourdomain.key -out yourdomain.csr

This launches an interactive prompt that collects your certificate details.

4. Enter Certificate Details

At the prompt, enter the info for your certificate one by one:

  • Country Name: The 2 letter country code e.g. US, IN, AU
  • State or Province: The full state or province name, e.g. California
  • Locality Name: The city where your organization is legally located
  • Organization Name: The official registered name of your company/organization
  • Organizational Unit: The division or department within the organization
  • Common Name: The fully qualified domain name, e.g. yourdomain.com
  • Email Address: Your or your admin’s contact email address
  • Challenge Password: Any passphrase you like, it can be left blank
  • Company Name: Optionally the common name of your company

Once you enter all these details, the CSR will be generated.

5. Verify the CSR Contents

You can check the CSR details using:

openssl req -text -noout -verify -in yourdomain.csr

This will display the core contents of the CSR, allowing you to verify all the details are correct before submitting it to the CA.

The CSR is now ready to be submitted along with your order for receiving the SSL certificate.

6. Prepare CSR for Submission

To send your CSR to the Certificate Authority, it first needs to be encoded properly into a format they can process.

You can export the CSR into a .pem encoded file using:

openssl req -out yourdomain.csr.pem -in yourdomain.csr

Then open the .pem file and copy/paste the contents into the CSR field when ordering your SSL certificate.

That completes the CSR generation process on CentOS. Be sure to include the correct details and validate them before submission.

How to Create CSR on CentOS 8

The steps for generating a CSR on CentOS 8 are same as CentOS 7:

  • Install openssl if needed
  • Create the private key
  • Generate CSR using private key
  • Enter certificate details at prompt
  • Verify CSR contents
  • Export CSR into .pem format

How to Automate CSR Generation

Instead of the interactive prompt, you can also create a config file containing all the details.

For example, create a file yourdomain.cnf with:

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = US
stateOrProvinceName = California
localityName = San Francisco
organizationName = Your Organization
organizationalUnitName = Your Unit 
commonName = yourdomain.com
emailAddress = admin@yourdomain.com

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = yourdomain.com
DNS.2 = www.yourdomain.com
Then generate the CSR using:
openssl req -new -key yourdomain.key -out yourdomain.csr -config yourdomain.cnf
This will create the CSR using details from the yourdomain.cnf file, without any interactive prompts.

The config file method allows you to automate CSR generation in a consistent and repeatable way.

Final Thoughts

Generating a CSR (Certificate Signing Request) in CentOS allows you to request a trusted SSL certificate from a certificate authority. Using the openssl req command, you can create a private key and CSR. Make sure to include accurate information about your server and company.

Once complete, submit the CSR to your chosen CA to obtain a signed public certificate. Properly configuring SSL with a trusted certificate enables secure HTTPS connections to your CentOS server and assures visitors of your site’s legitimacy.

Priya Mervana

Priya Mervana

Verified Badge Verified Web Security Experts

Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.

Related Articles:

How to Renew SSL CertificateHow to Renew SSL Certificate What is SSL OffloadingWhat is SSL Offloading? What is Trust StoreWhat is a Trust Store and How to Manage It?

Stay Secure with SSLInsights!

Subscribe to get the latest insights on SSL security, website protection tips, and exclusive updates.

✅ Expert SSL guides
✅ Security alerts & updates
✅ Exclusive offers