The ’ –nodes’ option is to specifying that the private key should not be encrypted with a pass phrase. Organization Name (eg, company) :Ansol Pvt LtdĮmail Address ‘–newkey rsa:2048’ is the option which we are specifying that the key should be 2048-bit using the RSA algorithm. If you enter '.', the field will be left blank. There are quite a few fields but you can leave some blankįor some fields there will be a default value,
What you are about to enter is what is called a Distinguished Name or a DN. You are about to be asked to enter information that will be incorporated $ openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr Also, the ‘.CSR’ which we will be generating has to be sent to a CA for requesting the certificate for obtaining CA-signed SSL.īelow is the command to create a 2048-bit private key for ‘domain.key’ and a CSR ‘domain.csr’ from the scratch. If we want to use HTTPS (HTTP over TLS) to secure the Apache or Nginx web servers (using a Certificate Authority (CA) to issue the SSL certificate). This CSR can be used to request an SSL certificate from a certificate authority. In this section, we will cover about OpenSSL commands which are related to generating the CSR. subj "/C=IN/ST=Telengana/L=Hyderabad/O=Ansole Pvt Ltd/CN=" Generating CSRs server FQDN or YOUR name) :Įmail Address can also provide the information by non-interactive answers for the CSR information generation, we can do this by adding the –subj option to any OpenSSL commands that we try to generate or run.īelow is an example for the –subj option where we can provide the information of the organization where we want to use this CSR. Organizational Unit Name (eg, section) :ApplicationĬommon Name (e.g. Organization Name (eg, company) :Ansole Pvt Ltd. State or Province Name (full name) :Telengana Here is a general example for the CSR information prompt, when we run the OpenSSL command to generate the CSR. If we purchase an SSL certificate from a certificate authority (CA), it is very important and required that these additional fields like “Organization” should reflect your organization for details. The next item in a DN is to provide the additional information about our business or organization. The important field in the DN is the Common Name (CN) which should be the FQND (Fully Qualified Domain Name) of the server or the host where we intend to use the certificate with. While generating a CSR, the system will prompt for information regarding the certificate and this information is called as Distinguished Name (DN).
Both these components are merged into the certificate whenever we are signing for the CSR. A CSR consists of mainly the public key of a key pair, and some additional information. If we want to obtain SSL certificate from a certificate authority (CA), we must generate a certificate signing request (CSR). This article helps you as a quick reference to understand OpenSSL commands which are very useful in common, and for everyday scenarios especially for system administrators. OpenSSL is a CLI (Command Line Tool) which can be used to secure the server to generate public key infrastructure (PKI) and HTTPS.
0 kommentar(er)
