How to generate CSR through terminal using OpenSSL

Secure Socket Layer (SSL) certificates play a crucial role in securing data transmission over the internet. Whether you're setting up a website, an application, or a server, having an SSL certificate ensures encrypted communication between the client and the server, safeguarding sensitive information from unauthorized access. While there are various methods and tools available to generate SSL certificates, using the terminal provides a straightforward and efficient approach. In this guide, we'll walk through the process of generating SSL certificates using the terminal on a Unix-based system.

  1. Open a terminal window and enter the following command:
    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
     Note: This command creates a private key file named server.key and a CSR named server.csr. You can change these in the command to your domain name, or a preferred file name.

  2. You will be prompted for the following information:

    1. Country Name: type the two-letter country code for your location, and then press Enter.

    2. State or Province Name: type the full name of your State or Province, and then press Enter.

    3. Locality Name: type the town or city name for your location, and then press Enter

    4. Organization Name: type your company or organization name, and then press Enter.

    5. Organizational Unit Name: if needed, type the organizational unit, then press Enter. Alternatively, to leave this field blank, just press Enter.

    6. Common Name: type the domain name that you want to secure with the SSL certificate, and then press Enter. Note: The common name is often simply your domain name, such as Or, if you are going to install an SSL certificate for a subdomain, However, if you are going to install a wildcard certificate, make sure that you use *, where represents your domain name.

    7. Email Address: type the e-mail address that you want to associate with the certificate, and then press Enter.

    8. Challenge password: *optional* press Enter.

  3. OpenSSL generates the private key and CSR files based on the .key and .csr filenames used in the command during step 1. These files will be saved to your device, however, you can view and verify the information contained in the CSR through terminal. To do this, type the following command:
    cat server.csr
    Note: If you changed the .csr file name, you would replace "server" with your chosen name.
  4. You can use the generated CSR to issue your SSL through your account.



Have more questions? Submit a request


Please sign in to leave a comment.