top of page


Create a CSR file in just 3 steps

What is a CSR file?

CSR stands for Certificate Signing Requesters and is a file containing personal or corporate information related to the domain for which a certificate is being requested.

Some certificate sales agents will also create a CSR on behalf of the applicant by providing the necessary information at the time of application.

This article will show you how to create a CSR file using the OpenSSL command.

The contents of the file will be explained later.

1. Create a key file

First, generate the corresponding key file before creating the CSR file.

Go to the working directory and execute the following command

openssl genrsa 2048 "Key name".key

The above command is for when the passphrase is not set.

To set a passphrase, execute with the option "-des3".

openssl genrsa -des3 2048 "Key name".key

It must be noted that the passphrase setting requires the passphrase to be entered each time the CSR file is created or the key file is used.

2. Create a CSR file

openssl req -new -key "Key name".key -out "CSR name".csr

After executing the command, the following questions will be entered.

Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

After entering the information, a CSR file will be created.

As long as the CommonName is entered correctly, the CSR file is valid.

3. Consistency check

Check the consistency of the two files generated in 1. and 2.

You can decrypt each file with the following command

openssl rsa -text -noout -in "Key name".key
openssl req -text -noout -in "CSR name".csr

When executed, the output results will begin with "Modulus=".


The consistency check is complete if there is no difference between the two output decryption results.

The diff command can also be used to check the differences.

If the command does not show any results, the two files are identical.

diff<(openssl rsa -text -noout -in "Key name".key) <(openssl req -text -noout -in "CSR name".csr)

This blog post is translated from a blog post written on our Japanese website Beyond Co.

Recent Posts

See All


bottom of page