Cryptography Tutorials - Herong's Tutorial Examples - Version 5.33, by Dr. Herong Yang
Generating Certificate Signing Request (CSR)
This section provides a tutorial example on how to generate a CSR (Certificate Signing Request) for your public key with OpenSSL.
In order to send your public key to a CA for signing, you need to put the public key in a file called certificate signing request (CSR). Here is how to use the "req" command to do this:
>openssl req -new -key herong_rsa_des.key -out herong.csr -config openssl.cnf Enter pass phrase for herong_rsa_des.key: You are about to be asked to enter information that will be incorp... into your certificate request. What you are about to enter is what is called a Distinguished Name... There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) :CN State or Province Name (full name) :PN Locality Name (eg, city) :LN Organization Name (eg, company) :ON Organizational Unit Name (eg, section) :UN Common Name (eg, YOUR name) :Herong Yang Email Address :. Please enter the following 'extra' attributes to be sent with your certificate request A challenge password :myreq An optional company name : >type herong.csr -----BEGIN CERTIFICATE REQUEST----- MIIBETCBvAIBADBXMQswCQYDVQQGEwJDTjELMAkGA1UECBMCUE4xCzAJBgNVBAcT AkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDASBgNVBAMTC0hlcm9uZyBZ YW5nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKnmGcbuiAGG2XKek5LbVwF7AoT8 HuNXXip7KyWevbrFlSxJWSjfpmeGJo7/Nsw6hFwor28RyAy1wsW5BNYOXdECAwEA AaAAMA0GCSqGSIb3DQEBBAUAA0EALE+d7H514HyQXu2CgwXYDvqZRngFLZFdGxQN 6AtEXXV+eC2c+URNBcmoF3oghJdPqZv7D1nZ7EBf20XSWzioQA== -----END CERTIFICATE REQUEST-----
Note that the certificate is also saved in an encoded format called PEM.
Last update: 2013.
Table of Contents