How do I make a CSR file?
This topic describes how to generate a Certificate Signing Request (CSR) file.
Before applying for an SSL certificate, you need to generate a key file and a CSR file for generating the certificate. The CSR file is the source file of your public key certificate. It contains your server and company information and needs to be submitted to a certificate authority (CA) for review. You are advised to use the CSR file generated by the system to avoid approval failures caused by information input errors. If you choose to manually generate a CSR file, ensure that you properly keep and back up your private key file. Pay attention to the following when manually generating a CSR file:
- UTF-8 encoding is required for input information. Specify UTF-8 encoding when you use OpenSSL to configure the CSR.
- The SSL certificate service system has strict requirements regarding the key length of the CSR file. The key length must be 2,048 bits and the key type must be RSA.
- For a multi-domain SSL certificate or wildcard SSL certificate, you only need to enter a domain name for
Common Name or
What is your first and last name?.
Generating a CSR file using OpenSSL
- Log in to a local computer or server running Linux.
- Install OpenSSL. For installation details, see How to Install OpenSSL?.
- Run the following command to generate a CSR file:
openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout [$Key_File] -out [$OpenSSL_CSR]
- new: generate a new CSR file.
- nodes: do not encrypt the key file.
- sha256: digest algorithm.
- newkey rsa:2048: key type and length.
- [$Key_File]: key file name.
- [$OpenSSL_CSR]: storage path of the encrypted file.
- Enter information required for CSR file generation as prompted. The necessary fields are described as follows:
- Organization Name: company or organization name.
- Organizational Unit Name: department or section name.
- Country Code: two-letter country code of the country where your company is located. For example, enter
CN for China.
- State or Province Name: name of the province or state where your company is located.
- Locality Name: name of the city where your company is located.
- Common Name: website domain name for which you are applying for an SSL certificate.
- Email Address: this field is optional.
- Challenge Password: this field is optional.
After you enter the information as prompted, the key file and CSR file are generated in the current directory.