CSR is Certificate Signing Request file. It will be generated on server on which the SSL certificate will be used. This file contains details about organization and URL in encrypted format. Whenever you approach any vendor for getting SSL certificate for your webserver, you have to submit this CSR file to them. Based on information in this CSR file your certificate will be generated.
1. Login to server on which certificate will be used.
2. Run below command to generate 2048 bit key file with name myfile.key. This key file will be used for generation of CSR. This command will ask you for a password which will be assigned within key file. Use password of your choice. This password you need to supply while generating CSR.
# openssl genrsa -des3 -out myfile.key 2048
3. Now genrate CSR file using the key file we generated in above step.
# openssl req -new -key myfile.key -out myfile.csr -sha256
Note that sha256 will generate CSR with SHA2 algorithm which is preferred normally. If -sha256 argument is not given, CSR will be generated with SHA1 which is outdated and normally not preferred.
4. Command will ask you key file password along with below information.
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :
Email Address :
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password :
An optional company name :
5. Once you get CSR file, you cat check its using cat. Its bunch of encrypted code which you can even decode and check information within on this link. If there is any typo in data you can regenerate CSR before submitting to vendor.