What is a CSR file?
CSR stands for Certificate Signing Requesters and is a file containing personal or corporate information related to the domain for which a certificate is being requested.
Some certificate sales agents will also create a CSR on behalf of the applicant by providing the necessary information at the time of application.
This article will show you how to create a CSR file using the OpenSSL command.
The contents of the file will be explained later.
1. Create a key file
First, generate the corresponding key file before creating the CSR file.
Go to the working directory and execute the following command
openssl genrsa 2048 "Key name".key
The above command is for when the passphrase is not set.
To set a passphrase, execute with the option "-des3".
openssl genrsa -des3 2048 "Key name".key
It must be noted that the passphrase setting requires the passphrase to be entered each time the CSR file is created or the key file is used.
2. Create a CSR file
openssl req -new -key "Key name".key -out "CSR name".csr
After executing the command, the following questions will be entered.
Country Name (2 letter code) [XX]: State or Province Name (full name) : Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) : Common Name (eg, your name or your server's hostname) : Email Address : Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
After entering the information, a CSR file will be created.
As long as the CommonName is entered correctly, the CSR file is valid.
3. Consistency check
Check the consistency of the two files generated in 1. and 2.
You can decrypt each file with the following command
openssl rsa -text -noout -in "Key name".key openssl req -text -noout -in "CSR name".csr
When executed, the output results will begin with "Modulus=".
The consistency check is complete if there is no difference between the two output decryption results.
The diff command can also be used to check the differences.
If the command does not show any results, the two files are identical.
diff<(openssl rsa -text -noout -in "Key name".key) <(openssl req -text -noout -in "CSR name".csr)