What's a CSR?
A Certificate Signing Request (CSR) is a message sent to a Certification Authority (CA) to request a public key certificate for an entity (such as a person or a web server). The majority of public key certificates issued are SSL certificates, which are used to secure communications with web sites. Before a CSR can be created, a key pair, which comprises a public and private key, must be generated.
Generate a Key
To generate an RSA key use the genrsa option. The command below generates a 2048 bit RSA key and saves it to a file called key.pem
openssl genrsa -out key.pem 2048
If you require that your private key file is protected with a passphrase, use the command below.
openssl genrsa -des3 -out key.pem 2048
Generate a CSR
If you already have a key, the command below can be used to generates a CSR and save it to a file called req.pem
This is an interactive command that will prompt you for fields that make up the subject distinguished name of the CSR.
openssl req -new -key key.pem -out req.pem
If you do not have a key, the command below will generate a new key and an associated CSR.
The private key will not be protected by a passphrase.
openssl req / -new -newkey rsa:2048 -nodes / -keyout key.pem -out req.pem
View the contents of a CSR
To decode a CSR you can use our online CSR Decoder. However, if you prefer to decode your CSR locally use the command below.
openssl req -in req.pem -noout -text
View the contents of a certificate
To decode a certificate you can use our online Certificate Decoder. However, if you prefer to decode your certificate locally use the command below.
openssl x509 -text -in cert.pem