How to create Certificate Signing Request (CSR) File in Linux

on

certificate signing request,certificate,ssl,csr certificate,signing request,public key,ssl certificate signing requests,certificate authority,how to create certificate signing requests,how to generate a certificate signing request in Linux,certificate signing requesting,certificate signing requesting (csr),request,ssl signing requests


Certificate Signing Request


Secure Socket Layer (SSL) Certificates have a key pair, a public and a private key, which work together to establish an encrypted connection. To get a certificate the first step is creating the Certificate Signing Request (CSR) on the server. The process will create a private and public key on the server. The generated CSR data file will be sent to the SSL Certificate issuer called Certificate Authority, contains the public key. CA creates a data structure to match the private key by using the CSR data file. Once validated, CA issues the SSL certificate. Once SSL is provided, it can be installed on the server. SSL is a security protocol which allows sensitive information to be transmitted securely. SSL secured websites begin with HTTPS rather than HTTP.

Secure Socket Layer


Secure Socket Layer or SSL is one of the most important components of online business for creating a trusted environment. SSL is the standard security technology for establishing an encrypted link between a web server and a browser. In other words, it provides a secure channel between two machines operating over the internet or an internal network. To assure visitors their connection is secure, browsers provide special visual cues called EV Indicators - anything from a green padlock to the branded URL bar.

Steps involved in creating CSR


  • Check for OpenSSL Command line utility. If it's not installed on your computer, then run below mentioned commands, based on the flavor of Linux server, to install them.


      $ sudo apt install openssl  [On Debian/Ubuntu]
      $ sudo yum install openssl  [On CentOS/RHEL]
      $ sudo dnf install openssl  [On Fedora]
      • Use the below-mentioned command to generate CSR and the key that will protect the certificate. 
      $ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

      req - Enables Open SSL that handles certificate requests signing.
      -newkey rsa:2048 - creates a 2048 it RSA key.
      -nodes - means don't decrypt the key
      -keyout example.com.key - specifies the filename to write on the created private key.
      -out example.com.csr - specified the filename to write the CSR to.

      • Fill the form with the correct details as mentioned in the legal documents.
      • After creating CSR, using the CAT utility select it and copy it. 
      Your CSR file is ready to be sent to CA for issuing the SSL Certificate.

      Also, there is an alternative to sending the CSR to the CA. There is two types of SSL, one which is signed by CA which we discussed and the other way in which the SSL is self-signed.

      This was one way of generating a CSR file. If you know any more ways of generating SSL for Linux Server then do share the knowledge in the comments section. Also, let me know if you want me to write an article on how to create a self-signed SSL certificate.


      || Feedback and Suggestions are always welcome ||

      Comments

      Post a Comment