How to generate a CSR in Apache OpenSSL? How to generate a CSR in ...

Step 1: Log in and generate private key

Log in to your server's terminal via Secure Shell (SSH). Generate a new private key using the command below if you don't already have one. Please keep the new private key private-key.pem safe and do not lose it. You will need to use the same private key to generate the CSR to renew the SSL certificate in the future.

openssl genrsa -out private-key.pem 2048

Create new private key

Step 2: Run Certificate Signing Request (CSR) generation command

Generate a new CSR with the newly created private key private-key.pem using the command below. Please change mydomain-com.csr filename based on your domain name so that it is easily to keep a track of.

openssl req -new -key private-key.pem -out mydomain-com.csr

Step 3: Enter your information

Enter CSR details when prompted.

Common Name: The FQDN (fully-qualified domain name) you want to secure with the certificate such as,, *, etc.
Organization: The full legal name of your organization including the corporate identifier.
Organization Unit (OU): Your department such as ‘Information Technology’ or ‘Website Security.’
City or Locality: The locality or city where your organization is legally incorporated. Do not abbreviate.
State or Province: The state or province where your organization is legally incorporated. Do not abbreviate.
Country: The official two-letter country code (i.e. US, CH) where your organization is legally incorporated.

Note: You are not required to enter a password or passphrase. This optional field is for applying additional security to your key pair.

Enter CSR details

Step 4: Copy the CSR text from the file

Locate and open the newly created CSR in a text editor and copy all the text including:


Open CSR text in a text editor

Step 5: Verify Certificate Signing Request (CSR) details

You can use the CSR Decoder online tool to verify the details of Certificate Signing Request (CSR).