Generating a certificate signing request

The req command is used to generate a CSR. The most basic form of this command specifies the name of the key file you created in the previous step and the name of the output file, which must have a *.csr extension.

The following example also includes the -SHA256 option, which creates a certificate using the SHA256 signature algorithm.

• Windows

  OpenSSL> req -new -key key-filename.pem -out cert.csr -SHA256

• Linux

  $ openssl req -new -key key-filename.pem -out cert.csr -SHA256

When you enter the command, you will be prompted to provide the following information. This information is used to create a distinguishing name (DN) for the certificate.

• The two-letter code for your country, such as US or DE
• The full name of your state or province
• Your city or town
• The name of your organization
• The name of the unit within your organization
• Your name or the host name of the system
• Your email address
• A challenge password – This is not related to the password you assigned when creating the private key. Leave blank unless you understand when and how to use it.
• Company name – Optional