Generate CSR for your domain from Terminal in Centos 7

To obtain an SSL certificate, a Certificate Signing Request (CSR) must be generated. This can be done using openssl on Linux based servers. The procedure is as follows:

1. Install openssl

[root@web ~]# yum install openssl openssl-devel

2. Navigate to the location where you want to save your Private RSA Key. Here, we will create a directory inside of home called certs.

[root@web ~]# mkdir /home/example/certs/

[root@web ~]# cd /home/example/certs/

3.Run the command below to generate the key. Remember to change your directory path

[root@web ~]# openssl genrsa -out /home/example/certs/ 2048

A successful execution yields something like what you can see below

[root@web ~]# openssl genrsa -out /home/example/certs/ 2048

Generating RSA private key, 2048 bit long modulus



e is 65537 (0x10001)

[root@web certs]#

4. Run the command below, replacing the paths respectively, to generate a CSR with the RSA key. The output will be in PEM format.

[root@web ~]# openssl req -new -sha256 -key /home/example/certs/ -out /home/example/certs/

5. Fill in the various pieces of information prompted. They will be included in the certificate request. You can ignore the ‘Extra’ information by pressing Enter on your keyboard. Also, note that there are some special characters that cannot be used in the Organization Name and Organization Unit sections. These are < > ~ ! @ # $ % ^ * / \ ( ) ? . , &

You should now have your CSR ready and saved in a file called in the certs folder you created.

6. You can verify the information in the CSR using the command below

[root@web ~]# openssl req -noout -text -in /home/example/certs/

At this point you should proceed to your preferred SSL vendor and use the CSR to secure an SSL certificate. SSL certificate are very affordable nowdays. We even have Free SSL available. RapidSSL offers a 30 day trial SSL, Comodo offers a 90 day free SSL and Let’s Encrypt offers free for life SSL. Check out or for your Let’s Encrypt SSL.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *