Generate CSR for your domain from Terminal in Centos 7

To obtain an SSL certificate, a Certificate Signing Request (CSR) must be generated. This can be done using openssl on Linux based servers. The procedure is as follows:

1. Install openssl

[[email protected] ~]# yum install openssl openssl-devel

2. Navigate to the location where you want to save your Private RSA Key. Here, we will create a directory inside of home called certs.

[[email protected] ~]# mkdir /home/example/certs/

[[email protected] ~]# cd /home/example/certs/

3.Run the command below to generate the key. Remember to change your directory path

[[email protected] ~]# openssl genrsa -out /home/example/certs/ 2048

A successful execution yields something like what you can see below

[[email protected] ~]# openssl genrsa -out /home/example/certs/ 2048

Generating RSA private key, 2048 bit long modulus



e is 65537 (0x10001)

[[email protected] certs]#

4. Run the command below, replacing the paths respectively, to generate a CSR with the RSA key. The output will be in PEM format.

[[email protected] ~]# openssl req -new -sha256 -key /home/example/certs/ -out /home/example/certs/

5. Fill in the various pieces of information prompted. They will be included in the certificate request. You can ignore the ‘Extra’ information by pressing Enter on your keyboard. Also, note that there are some special characters that cannot be used in the Organization Name and Organization Unit sections. These are < > ~ ! @ # $ % ^ * / \ ( ) ? . , &

You should now have your CSR ready and saved in a file called in the certs folder you created.

6. You can verify the information in the CSR using the command below

[[email protected] ~]# openssl req -noout -text -in /home/example/certs/

At this point you should proceed to your preferred SSL vendor and use the CSR to secure an SSL certificate. SSL certificate are very affordable nowdays. We even have Free SSL available. RapidSSL offers a 30 day trial SSL, Comodo offers a 90 day free SSL and Let’s Encrypt offers free for life SSL. Check out or for your Let’s Encrypt SSL.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *