OpenSSL - Generate CSR for client certificate

OpenSSL is a command-line program for creating and managing certificates that is widely used by UNIX, Linux and BSD distributions, but there are also versions available for Windows. It is used in combination with many server products, including Apache, Lighttpd and various routers and other hardware. This manual describes how OpenSSL can be used to create a Private Key and CSR for ordering an E-mail signing certificate, also known as S/MIME or client certificate.

Note: It is practical to centrally store all files from the steps below in a directory on your computer. It is very important that this folder is properly protected so that the material cannot get into the hands of strangers!

  1. Open the terminal application on your computer
  2. run the following command openssl req -nodes -newkey rsa:4096 -keyout certificate.key -out certificate.csr
  3. Enter the required data in the fields presented, by using your own details;
    Country Name (2 letter code) [AU]:NL
    State or Province Name (full name) [Some-State]:Noord-Holland
    Locality Name (eg, city) []:Alkmaar
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Xolphin B.V.
    Organizational Unit Name (eg, section) []:Support
    Common Name (e.g. server FQDN or YOUR name) []:John Doe
    Email Address []
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: *can be left empty*
    An optional company name []: *can be left empty*
  4. Het bestand certificate.csr wordt nu aangemaakt in de huidige directory van de shell, open deze in je favoriete textditor, en kopieer de complete inhoud naar het klembord.
  5. Complete step 1 of the order process by pasting your CSR in the order form.


Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up