OpenSSL - Generate CSR for client certificate
OpenSSL is a command-line program for creating and managing certificates that is widely used by UNIX, Linux and BSD distributions, but there are also versions available for Windows. It is used in combination with many server products, including Apache, Lighttpd and various routers and other hardware. This manual describes how OpenSSL can be used to create a Private Key and CSR for ordering an E-mail signing certificate, also known as S/MIME or client certificate.
Note: It is practical to centrally store all files from the steps below in a directory on your computer. It is very important that this folder is properly protected so that the material cannot get into the hands of strangers!
- Open the terminal application on your computer
- run the following command openssl req -nodes -newkey rsa:2048 -keyout certificate.key -out certificate.csr
- Enter the required data in the fields presented, by using your own details;
Country Name (2 letter code) [AU]:NL State or Province Name (full name) [Some-State]:Noord-Holland Locality Name (eg, city) :Alkmaar Organization Name (eg, company) [Internet Widgits Pty Ltd]:Xolphin B.V. Organizational Unit Name (eg, section) :Support Common Name (e.g. server FQDN or YOUR name) :John Doe Email Address :email@example.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : *can be left empty* An optional company name : *can be left empty*
- Open the resulting certificate.csr file in your favorite text editor, and copy the complete contents to your clipboard
- Complete step 1 of the order process by pasting your CSR in the order form.