CSR (Certificate Signing Request)

What is CSR :
In public key infrastructure systems, a CSR (certificate signing request) is a message request sent by a client to a certificate authority in order to apply for a digital identity certificate

The CSR consist of information that identifying the applicant and the public key chosen by the client

How to generate a CSR :

Before ordering your SSL Certificate, first of all you need to generate a CSR (Certificate Signing Request) on your server. A CSR is not a software, but just a body of text. The CSR will contain encoded information specific to domain name or organization; this information is known as DN ( Distinguished Name )

The DN for most servers are the following fields: Country Name, State Name, Locality Name, Organization Name, Company Name, Unit Name, email Id, IP Address etc.

Please note:

1) The Country Name is a two-digit code
for example the United States, it’s ‘US’.

2) State and Locality are full names, i.e. ‘California’, ‘Los Angeles’ etc.

3) The Organization Name is your Organization Name Personal Name, as it should be registered in your locality.

4) A registered email address ,

5) The Common Name is the domain name for which you are requesting the ssl certificate.

Important note:

unless you are purchasing a WildCard Certificate, your certificate is only for the single domain like tuks123.com and subdomains will not be secured. if you register www.tuks123.com, then subdomains like billing.tuks123.com, secure.tuks123.com, and support.tuks123.com will NOT be secure. If you want to secure a subdomain specifically, enter the subdomain ’secure.tuks123.com’ as your Common Name. If you are generating a CSR for a Wildcard Certificate your common name should start with *.maindomain.com for example: *.tuks123.com.

Once your CSR is created, you will be able to simply put it into the online SSL order form of any SSL provider.

How to generate CSR through Shell:

Use following script for generating CSR

#/scripts/gencrt

This script will ask you all the information like email address , domain name, Ip Address country code , Locality , Company , company Divison etc.

enter the proper information as per the request and the certificate will get generated under directory /usr/share/ssl/Certs/ as www.tuks123.com.csr

Tuks