How Do I Make a CSR File?
Before applying for a digital certificate, you must generate a private key and a certificate signing request (CSR). The CSR file is the source file for your public key certificate. It contains your server and company details and needs to be submitted to the CA for review.
Select the System generated CSR option where possible, because manually generated CSR files often include errors. For details about how to handle the failure in getting approved, see What Can I Do When a Message Indicating Approval Failure Due to Blank Main Domain Name Is Displayed?
A private key file will be generated when the CSR file is generated manually. Keep your private key stored safely.
The following describes how to generate a CSR file. You can select whichever method you prefer.
- Generating a CSR File Using OpenSSL
- Generating a CSR File Using Keytool
If you need to enter Chinese characters, use Keytool to generate a CSR file.
SCM has strict requirements on the key type and length of the CSR file. The key must be RSA and it must be 2,048 bits long.
Generating a CSR File Using OpenSSL
- Install the OpenSSL tool.
- Run the following command to generate a CSR file:
openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout myprivate.key -out mydomain.csr
- -new specifies that a new CSR is generated.
- -nodes specifies that the private key file is not encrypted.
- -sha256 specifies the digest algorithm.
- -newkey rsa:2048 specifies the type and length of the private key.
- -keyout specifies the file that the generated private key is written to. The file name can be customized.
- -out specifies the name of the CSR file to be generated. The name can be customized.
- Generate a CSR file named mydomain.csr.
Figure 1 Generating a CSR file
The information to be entered is as follows:
| Field | Description | Example Value |
| --- | --- | --- |
| Country Name | Two-letter code of the country where your company is located. For example, enter CN for China. | CN |
| State or Province Name | The name of the province or state where your company is located. | ZheJiang |
| Locality Name | The name of the city where your company is located. | HangZhou |
| Organization Name | The legal name of your company. | HangZhou xxx Technologies, Inc. |
| Organizational Unit Name | The department of your company that the applicant belongs to. | IT Dept. |
| Common Name | The website domain name you are applying for an SSL certificate for. NOTE: For a certificate with multiple domain names, enter the primary domain name to be associated with the certificate. For a wildcard-domain certificate, enter the wildcard domain name. Example: *.example.com | www.example.com |
| Email Address | Email of an applicant. The CSR file password does not need to be entered. Just press Enter. | - |
| A challenge password | CSR file password. The CSR file password does not need to be entered. Just press Enter. | - |
- Make sure that UTF8 encoding format is used for a Chinese character–based certificate with OpenSSL. In addition, enable the UTF8 support during OpenSSL compilation.
- SCM has strict requirements on the key type and length of the CSR file. The key must be RSA and it must be 2,048 bits long.
After you enter information as prompted, the myprivate.key (private key file) and mydomain.csr (CSR) files are generated in the current directory.
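The OpenSSL procedure above can also be run without prompts and its output checked before submission. The following is an added example, not part of the original page or SCM tooling: the helper names make_csr and check_csr are hypothetical, the subject values are constructed, and it assumes an openssl binary on the PATH. It checks the requirements stated on this page (RSA, 2,048 bits, non-blank Common Name) and that the CSR's self-signature verifies.

```shell
#!/bin/sh
# Added example: non-interactive CSR generation plus a pre-submission check.
# make_csr and check_csr are hypothetical helper names, not SCM tooling.

# make_csr KEYFILE CSRFILE SUBJECT [BITS]
make_csr() {
    bits=${4:-2048}
    # -nodes leaves the private key unencrypted on disk, so create it under
    # a restrictive umask (owner read/write only). -utf8 makes OpenSSL treat
    # the subject string as UTF-8.
    ( umask 077
      openssl req -new -nodes -sha256 -utf8 -newkey "rsa:$bits" \
          -keyout "$1" -out "$2" -subj "$3" 2>/dev/null )
}

# check_csr CSRFILE
# Prints a verdict; returns 0 only when the CSR meets the stated requirements.
check_csr() {
    csr=$1
    text=$(openssl req -in "$csr" -noout -text 2>/dev/null) ||
        { echo "cannot parse $csr as a CSR"; return 1; }
    # A CSR is signed with its own private key. Match the "verify OK"
    # message instead of relying on the exit status alone.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "self-signature does not verify"; return 2; }
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' ||
        { echo "key type is not RSA"; return 3; }
    printf '%s\n' "$text" | grep -q 'Public-Key: (2048 bit)' ||
        { echo "key length is not 2048 bits"; return 4; }
    # RFC 2253 output gives one attribute per comma-separated field.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
         sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p')
    [ -n "$cn" ] || { echo "Common Name is blank"; return 5; }
    echo "OK: CN=$cn"
}

# Usage (constructed sample values):
#   make_csr myprivate.key mydomain.csr \
#       "/C=CN/ST=ZheJiang/L=HangZhou/O=Example Org/OU=IT Dept./CN=www.example.com"
#   check_csr mydomain.csr
```

check_csr reads only the CSR file, so it can equally be run on a mydomain.csr produced by the Keytool method below.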
Generating a CSR File Using Keytool
- Install Keytool, which is typically included in the Java Development Kit (JDK) tool package.
- Use Keytool to generate a Keystore certificate file.
The Keystore file contains a key. For details about how to export the key, see What Are Mainstream Formats of Digital Certificates?
- Run the following command to generate the keystore certificate file:
keytool -genkey -alias mycert -keyalg RSA -keysize 2048 -keystore ./mydomain.jks
- -keyalg specifies the key type, which must be RSA.
- -keysize specifies the key length, which must be 2,048.
- -alias specifies the certificate alias, which can be customized.
- -keystore specifies the path for saving the certificate file. The certificate file name can be customized.
Figure 2 Generating the keystore certificate file
- Enter the certificate password and enter information described in the following table:
| Question | Description | Example Value |
| --- | --- | --- |
| What is your first and last name? | Domain name for which you are applying for a certificate. NOTE: For a certificate with multiple domain names, enter the primary domain name to be associated with the certificate. For a wildcard-domain certificate, enter the wildcard domain name. Example: *.example.com | www.example.com |
| What is the name of your organizational unit? | Name of the department that the applicant belongs to. | IT Dept |
| What is the name of your organization? | The name of the company to which the applicant belongs. | HangZhou xxx Technologies,Ltd |
| What is the name of your City or Locality? | The city where an applicant is located. | HangZhou |
| What is the name of your State or Province? | The state or province where an applicant is located. | ZheJiang |
| What is the two-letter country code for this unit? | The country where the applicant belongs. Use a two-character ISO country code. | CN |
After you enter the information, review the entered content for errors. If there are no errors, press Y.
- Enter the key password as prompted. The password can be the same as the certificate password. If they are the same, press Enter.
- Use the certificate file to generate a CSR.
- Run the following command to generate a CSR file:
keytool -certreq -sigalg SHA256withRSA -alias mycert -keystore ./mydomain.jks -file ./mydomain.csr
- -sigalg specifies the signature algorithm, which is SHA256withRSA.
- -alias specifies the alias, which must be the same as the certificate alias set with -alias when the keystore file was generated.
- -keystore specifies the certificate file.
- -file specifies the CSR file. The file name can be customized.
- Enter the certificate password as prompted to generate the mydomain.csr file.