IBM Support

Secure with Digital Certificate: Create Certificate Signing Request with OpenSSL

Technical Blog Post


Abstract

Secure with Digital Certificate: Create Certificate Signing Request with OpenSSL

Body

Author: Manisha Khond

 

Before you request certificate from the Certificate Authority, you have to generate Certificate Signing Request (CSR).

 

What is a CSR?

A CSR or Certificate Signing request is a block of encoded text that is provided to a Certificate Authority when requesting an SSL Certificate. A CSR consists mainly of the public key of a key pair, and some additional information. Both of these components are inserted into the certificate when it is signed.

What Information Is Included in a CSR?

The CA will use the data from the CSR to build your SSL Certificate. The CSR include information about your business and the website you’re trying to secure, including:

Common Name (CN)

(*.companyname.com) 

Fully Qualified Domain Name of your server
Organization (O) The legal name of your Organization
Organizational Unit (OU) The division of your Organization handling the Certificate
City/Locality (L) The City where your Organization is located.
State (S) The State where your Organization is located.
Country (C) 2 letter code of the country where your Organization is located
Email address Email address used to contact your Organization


 

There are several tools available that you can use to create CSR. This blog specifically demonstrate creating CSR with OpenSSL.

Below example creates a CSR with RSA keylength 2048, SHA256 Cryptographic hash algorithm.

 

openssl req \

  -new -sha256 -newkey rsa:2048 -nodes \

  -subj '/CN=www.ibm.com/O=IBM/C=US/ST=Michigan/L=Ann Arbor' \

  -keyout mykey1.pem -out myreq1.pem

 

Output:

Generating a 2048 bit RSA private key

.....................................+++

...+++

writing new private key to 'mykey1.pem'

 

The above OpenSSL command creates a private key mykey1.pem and creates a CSR myreq1.pem

 

Content of the Private key mykey1.pem.

 

-----BEGIN RSA PRIVATE KEY-----

MIIEogIBAAKCAQEAuaxly4fmrph+Le16qAuQ+or8O1deSeULGomwuUc1FQx0Sdrv

yVe6x8EybMjq4dAq+fqYjY/gFnIlGt+j+v/Y2EDDgA4vPs+cwMdt88qN9b/I6Pua

+vg6J0TZwZL8eHxe3mLEQszBAnfqW2jowHntaEjRC84j5jNlz98Pgm/S87k2SzTI

saVDQRPZva4+oDMzRzSwELWCsO53atu76r7ygFkPNusMpL4sfrsXMWuzKIuJh7X7

l8bD45FbBJ/IJ1O3GNQVsMsweeya4A6oorYf7O2QWSu8Q6vRfF8fXhnrusC2h/2n

uXEH2klX3eJk+ongTOSfCXy+GPxFr+pqPMExxwIDAQABAoIBAB6gOyI5RmmiKZ31

v/ecAMvyxOwc2yahKxWzhHzrK+xO45eTD15MpDhyu5iKA4Q/y/bzyNoA01ugdFJc

dTXfoar588VZkZ1wrVB3FMHTtVrFyaP0bHndG+qCRtDRJ+fPy+4uqGTEVUnM8dEm

Gs40zl4XNLQXyoAcFj0Vc/915nvg1wuThvHnkbdHtJPdk1gU4Yr+6RAwq+GjnUWm

flEn/9mqdF7JZuWSNvUAbUiv2Xakrr3XBefRsyysejyuz+st5IY/UNq/Kq9uK7Vu

ariQsCsgbcdrZ8UifUiyt6SCCZx4fQSfEvc1ynuI9VIvHu/IYeAt2RowJS9ugeNc

/YsrnhECgYEA35FtJA60ZWVvo6Dmk8hHqqkZtqgp8GZH4i8PQ0Shz2Twg3BZhCpc

obzCgEIPVna1v3fqiWosUQFJag+0wZXos/wW8D1xS6fEjoVvJXBHyGJeZO1z+42h

wHxXhzyjCbCEGN9l0foauJya0Dz8o4zHHGL54OxpD3himsbnvIyS0mUCgYEA1Juw

wRFtiVdeZp9zziMs531dzYYPGSz3OLPe8Z+qNZY3ALv25gueZEUKZDrIufEb/yTU

Z1v7SKB0NF/7clIAsCDEvugyT7TRcNJOzSfV6J7E9AJOSxg3wydXZM6V81zuYiTH

NVIBD/qs8k/A1TSPz2jnunc6QDug4gtgJxPCWrsCgYA3/Jc0XGpYqhpXA8g6YgFw

f4Bs+ZfnF/YQcnCEC//pjAGfKNeB/YnNBxQ+QkzM/lVtaX5Wgzwt3QChiuVdRUlN

KWglKX3h0FWsy0WWPpP7Xob9B2nwKPvE1F6nA0xg9M9f2zIIb3WZnb43P86UtoB2

X2LsLMfyk9c9o2oNEbcC8QKBgDwHWXipuwu0J2tCSihBtkQGGZ4V491v3L2dy6zd

L+nBZ/ZFHAkH7sjQ1YZHMrWNZiI7+9zTE7gF1cmT8CLvFFKmbeaZGNt4ako4lxdF

0BfF/EYJAKIjTFtFmF9WFPCJpKUBTV24saQZWwtviTqphJFDRWpYj5HjRCGOpK9j

3NRRAoGAMaNg2hzhzhArRCpSugj/uIhNJrAIlSkj5FRqtXL82ZxgjIH/IjcFw9qt

l2Dik0sVPJrLqrr1jdmdtOjuXgT78nB6mOqG5/ixE9NO0+7wvWvYqjkv61hOAjot

g3xf8OqEUpP6uzQFet1Yr8Y1T19lOEYo8ci8dCCvaogL1WCIdz8=

-----END RSA PRIVATE KEY-----

 

Content of Certificate Signing request (CSR) myreq1.pem.

 

-----BEGIN CERTIFICATE REQUEST-----

MIICnTCCAYUCAQAwWDEUMBIGA1UEAxMLd3d3LmlibS5jb20xDDAKBgNVBAoTA0lC

TTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1pY2hpZ2FuMRIwEAYDVQQHEwlBbm4g

QXJib3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5rGXLh+aumH4t

7XqoC5D6ivw7V15J5QsaibC5RzUVDHRJ2u/JV7rHwTJsyOrh0Cr5+piNj+AWciUa

36P6/9jYQMOADi8+z5zAx23zyo31v8jo+5r6+DonRNnBkvx4fF7eYsRCzMECd+pb

aOjAee1oSNELziPmM2XP3w+Cb9LzuTZLNMixpUNBE9m9rj6gMzNHNLAQtYKw7ndq

27vqvvKAWQ826wykvix+uxcxa7Moi4mHtfuXxsPjkVsEn8gnU7cY1BWwyzB57Jrg

Dqiith/s7ZBZK7xDq9F8Xx9eGeu6wLaH/ae5cQfaSVfd4mT6ieBM5J8JfL4Y/EWv

6mo8wTHHAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAgJ2yMNfZxanOVBO2EoPk

AR8OCl3QDiMJ/K0vopwbI6YTq1pOLUgcmbG5GTdLAIfz9DswSGeerurR4vnpI2bP

dCaf9MUEJEo/vREYvBqeYq2fnC8X1ENHNCkVWZahk7FNb0joAwEUL2T0Xh2kTFZk

4WzotjCW+A6u0vDyf3ErYLEKlhsjGWrgddyz7/ioWOHvZ3WWlpoW6uMpgN656Hn7

lo9m7UyHMeIeJ/RHdgLrQUiHShvV2iZU36YFop8opnwL8Hwp9mT4ubknQwN6mNPF

/4dynS5Z0FkBNWKGOGWJxNqJRc2836bJE1WOj/JQgK0eDnTgJfaRAV+cMf7FwU1m

rA==

-----END CERTIFICATE REQUEST-----

 

 

Private Key:
image

 

CSR:

 

image

 

image

 

 

Now you have the Private key and the Certificate Signing Request. You can proceed to request a Certificate from Certificate Authority.

 

 

[{"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Product":{"code":"SSMHNK","label":"IBM Sterling B2B Integrator"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":""}]

UID

ibm11120605