Create and Process a CSR with OpenSSL

9 Jul

A little article about Certificate requesting and processing with OpenSSL.

First command to create your csr and private key.

openssl req -nodes -newkey rsa:2048 -keyout privkey.key -out cert.csr
remove -nodes if you want to encrypt your private key (recommended)

You need to enter:

The private key password
Country Name (2 letter code)
State or Province Name (full name)
Locality Name (eg, city)
Organization Name (eg, company)
Organizational Unit Name (eg, section)
Common Name (eg,
Email Address

The optional data can be left blank for website certs

An optional Company Name
A challenge password

Now you’re ready to send your .csr file to your Certificate Authority. They will deliver your certificate. If you want to do a final check on your .csr you can do so on the Verisign SSL check website

Optional you can bundle your private and public key in a .PFX file with the following command.

openssl pkcs12 -export -in cert.cer -inkey privkey.key -out mycert.pfx
You need to enter the private key of the .pem file and a new password to encrypt the .pfx file

When you get a ‘No certificate matches private key’ error please view this article.


Leave a Reply