How To Generate Certificate Signing Request (CSR) or Private Key Using OpenSSL on Windows Machine

In my last post we had learned  How to Install OpenSSL on Windows Machine.

Now When we have successfully installed Open SSL on our windows machine , its time to use the OpenSSL for all stuff related to SSL.

In my following post , we will learn how generate Certificate Signing Request (CSR) file or Private Key which we send to Certification Authority to create SSL against. 

How to Generate CSR \ Private Key using OpenSSL

Step 1. To Generate a CSR using OpenSSL on Windows machine 

            open the Command Prompt as Administrator and navigate to 

            C:\OpenSSL-Win32\bin and type openssl.exe and hit enter.

            

Step 2.  Once the OpenSSL command line interface is visible, type following 

            command to create the Private key. This Private Key will be used to 

            create the CSR file.

            genrsa -out "C:\OpenSSLCertificates\private-key.key" 2048

            

            on successful execution of above command , you will get following 

            output in command window.

Note :  I have specified the path (C:\OpenSSLCertificates) to save all keys and files at centralized location and for the sake of convenience. 

            

Step 3.  Now execute the following command to generate CSR file out of Private 

            Key created in Step 2.

              req -new -key C:\OpenSSLCertificates\private-key.key -out         

              C:\OpenSSLCertificates\www_lalitgolani_com_csr.txt

As soon as you hit the enter button , you will be asked to fill in following details to complete the CSR creation request. Fill in all this information with utter attention to avoid any issues at later stage.

• Country Name: Put in the first 2 letters of country where the site belongs to. Example : IN
• State or Province: Spell the complete name of State , Example : Rajasthan
• Locality or City: Enter your town name :  For example : Jaipur
• Company: Enter the Company Name if you have any
• Organizational Unit: Enter the department name which this website is for. You can leave this blank if you dont want to reveal the department name.
• Common Name: This field is most important. Put in the full name of your website for which you want to create the SSL certificate. Make sure you put the correct name of the website because the SSL certificate will be created based on the this common name only. In your example I have put the Common name as : www.lalitgolani.com 

Note :  Please make sure to not to enter an email address, challenge password or an optional company name when generating the CSR.

 As soon as you complete the above details and hit enter a CSR file will be generated at path which you have mentioned in above command. In our case it will be created on path C:\OpenSSLCertificates with name www_lalitgolani_com_csr.txt

Step 4 :  Now the CSR file (.txt) for your SSL certificate is ready. Just pick the CSR file and send it to any certification authority like Digicert, Verisign etc to get SSL certificate generated against it.

In my Next post I will show how to create the self signed certificate using Open SSL.