How to create Certificate Signing Request (CSR) for SSL certificate?

October 16, 2015
How to create Certificate Signing Request (CSR) for SSL certificate?

You need a Certificate Signing Request (CSR) to request an SSL from an SSL vendor. You don’t need to access the server to create this. All you need to do is to make sure that you have open ssl installed in your computer (Most Linux distributions and Mac OS have this pre-installed and Windows yours can download the binary from here).

Open your terminal (or DOS command prompt) and execute the following code:

openssl genrsa -out 2048

The above line of code will create a private key (2048 bit) for generating the CSR. You will also need this key later when you install the certificate on the server. For generating a csr you can issue:

openssl req -new -out

When you issue this command, the system will request some information from you. A sample is shown below (the response you should provide are given in red colour):

Country Name (2 letter code) [AU]: Country Code (eg: US, GB etc)
State or Province Name (full name) [Some-State]: You may ignore this
Locality Name (eg, city) []: City Name
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Name of your company
Organizational Unit Name (eg, section) []: You may skip this
Common Name (e.g. server FQDN or YOUR name) []: Your domain name (eg:
Email Address []:Your email address

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: You may ignore this
An optional company name []:You may ignore this

This will generate the CSR you need.

What next?

You need to upload the CSR onto the vendor’s website and you will have to compete the verifications required by the vendor.

The vendor will then issue the SSL certificate with either the bundle or individual CA certificates. You will have upload them to the server to enable SSL.

What about Fly My Cloud (FMC) Platform?

Our wonderful support team will generate all the necessary certificates for you and install the same on our middleware. All you need to do is complete the verification requests (i.e. to prove that you own the domain).