generate CSR (Certificate Signing Request) on Linux

CSR stands for Certificate Signing Request.

This is generated on the server where the certificate will be used on.

A CSR contains information about to your organization and domain name, locality, and country and a public key that will be included in your certificate.

If you have already installed open ssl then run the below command to generate CSR.

openssl req -new -newkey rsa:2048 -nodes -keyout -out

If you have not installed open ssl then follow the below procedure to generate CSR.

  • Install open SSl : 
    For redhat based system like centos, redhat etc run the below command to install open ssl.
    yum install openssl 

    For Fedora systems run the below command to install open ssl.

    dnf install openssl
    For Debian based systems run the below command to install open ssl.

    sudo apt-get install openssl
  • Run the below command to generate a key

    openssl genrsa -out 2048
  • Run the below command to generate CSR from a key file.

openssl req -new -key -out


You are about to be asked to enter information that will be incorporated
into your certificate request.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Delhi
Locality Name (eg, city) [Default City]:Delhi
Organization Name (eg, company) [Default Company Ltd]:Nice Pvt Ltd
Organizational Unit Name (eg, section) []:BLOG
Common Name (eg, your name or your server’s hostname) []
Email Address []

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


[xyz-ihs snippet=”Discuss”]

For any query or issue, feel free to discuss on

Leave a Reply