How to Generate a CSR in Debian?

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 5.00 out of 5)
Loading...
CSR Generation on Debian

CSR generation on Debian has been vital when it comes to installing an SSL certificate to secure your website. Here is a step by step procedure to help you understand the entire procedure thoroughly to enable you to generate your CSR code within the shortest time possible.

Step 1: Log into Your Server

To begin, one has to establish a connection with the server through Secure Shell (SSH). This can be from your terminal or command line interface. Enter the following command:

ssh your_username@your_server_ip

Replace the username part in the code with your actual server username and replace ‘your_server_ip’ with your server’s IP address. You will then type in your password. Once signed in you will be redirected to your server.

Step 2: Create the CSR File and Private Key

To proceed to subsequent activities, the CSR and the private key should be generated and the next requirement is access to a server. This is done by typing the OpenSSL command in the above format. In the command prompt, the following command should be typed:

openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite.key -out mywebsite.csr

Note: Here, mywebsite is used as the domain name, replace it with the proper domain name you are using on your website. For example, suppose the domain name of a website is an example.com, the command should be.

openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr

This command regenerates a new 2048-bit RSA private key and a CSR corresponding to it.

Step 3: Enter the Required Information

The next step is to run the command on OpenSSL – OpenSSL will request the information that will have to be included in CSR.

Here is a breakdown of what each of the fields looks like which you are required to complete:

Country Name: Kindly insert the two letters of the country code of your organization’s legal registration.

For instance, if the country of interest is the United States of America, the abbreviation to type in is ‘US.’ For Canada, the abbreviation to type in is ‘CA.’ You can check a directory for all country codes if you are still deciding what country code to use.

State or Province Name: Either key in the total name of the state or province where your organization is situated or just the code. Do not use abbreviations.

Locality Name (City): Please fill in the name of the entire city where your organization is situated.

Organization Name: This field is mandatory for Business and Extended Validation certificates. Please provide your organization’s legal name. One may enter a personal full name to foil the open phishing attempt for a Domain Validation certificate.

Organizational Unit Name: Provide the name of the department of your online platform, whether it be IT or Web Administration, etc. Including this field is not mandatory, but it is highly advised.

Common Name: Type the FQDN that you would like to encrypt with the SSL certificate. For example, example. com. For a wildcard certificate, an asterisk should come before the name of the domain in question, for example, *.example.com.

Email Address: They should give a valid email address. This is used for writing letters, invites, and notification of issuance of certificates.

A Challenge Password: On this one, filling in the blank with any value of any data is optional. If you decide to create the password to the secret key, remember it since it will be used at the certificate installation.

An Optional Company Name: This field can be left blank or contain your brand name or any name you intend to use online for your brand.

Here’s an example of the process:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Inc
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:[email protected]

Please enter the following ‘extra’ attributes to be sent with your certificate request

A challenge password []:
An optional company name []:

Step 4: Verify Your CSR and Private Key Files

When all the given fields have been completed OpenSSL will create the CSR along with the private key files.

These files will reside in the working directory – the folder that will contain all temporary or intermediate material used during analysis and should be deleted upon the analysis completion. To confirm the creation of these files, run the ls command.

You should see two new files in your directory: The actual Web address that the client of the hosting company wants people to type in their browser is their mywebsite.key and mywebsite.csr (or example.key and example.csr if you used the example domain name).

Step 5: Submitting the CSR to Your Certificate Authority

After you have created your CSR, you have to send the data that you have generated to the CA of your preference. The procedure normally entails going to the web site of the CA and pasting the content of the CSR file into a special form. Make sure that you have closed all the tags at the appropriate places.

—–BEGIN CERTIFICATE REQUEST—–
[Your CSR content]
—–END CERTIFICATE REQUEST—–

Once you receive your SSL Certificate, you can follow our guide to Install SSL Certificate on Debian Server.

Conclusion

Order cheap SSL certificates from CheapSSLweb and protect your website. Protect data and gain customers’ trust with our accessible approaches.

Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.