DTT

How to Generate a CSR on CentOS 8

Published: December 1, 2025 (Updated: Dec 1, 2025)

Enjoying this content? Subscribe to the Channel!

Generate Your SSL Certificate Signing Request (CSR) on CentOS 8: The Easy OpenSSL Guide

Hi everyone, Darren O’Neill here from Darren’s Tech Tutorials!

If you’re ready to secure your website with an SSL certificate, the very first step—before you even purchase the cert—is generating a Certificate Signing Request (CSR). This special file contains your public key and details about your organization, allowing the certificate provider to create a custom SSL certificate uniquely linked to your domain.

In this quick, practical tutorial, we’ll walk through exactly how to generate this crucial CSR file using the robust OpenSSL tool on a CentOS 8 system. While we’re focusing on CentOS 8, the steps and commands are essentially identical across most Linux distributions.

Let’s dive in and get this done!

Step 1: Install OpenSSL (If Not Already Installed)

OpenSSL is the cryptographic toolkit we’ll use to generate the keys and the CSR file. While often pre-installed, it’s always a good idea to ensure you have the latest version.

To install OpenSSL via the YUM package manager, use the following command:

sudo yum install openssl

You will be prompted to confirm the installation. Type Y and hit Enter. Once the installation completes, you’re ready for the generation phase.

Step 2: Generating the Private Key and CSR File

This step involves a single, powerful command. It tells OpenSSL to create two things simultaneously:

  1. A secure, 2048-bit Private Key (.key file).
  2. The Certificate Signing Request (.csr file).

We will use the following command structure. Remember to replace yourkeyname.key and yourdomainname.csr with names that are relevant to your project and domain (e.g., darrenoneill.key and darrenoneill.csr).

The CSR Generation Command

openssl req -new -newkey rsa:2048 -nodes -keyout yourkeyname.key -out yourdomainname.csr

Understanding the Switches:

Switch Meaning
-new Tells OpenSSL you want to create a brand new certificate request.
-newkey rsa:2048 Generates a new RSA private key that is 2048 bits long (standard security practice).
-nodes No DES encryption. This means the key will not be password-protected, allowing your server software (like Apache or Nginx) to read it without needing human intervention upon restart.
-keyout Specifies the filename for your new Private Key.
-out Specifies the filename for your new CSR file.

Paste the command into your terminal, modify the filenames, and hit Enter.

Step 3: Entering Your Certificate Details

After running the command, OpenSSL will begin prompting you for several pieces of organizational information. It is crucial to enter this information accurately, especially the Common Name.

The Required Input Fields

Follow the prompts carefully:

  1. Country Name (2 letter code): Enter your two-letter ISO country code (e.g., IE for Ireland, US for United States).
  2. State or Province Name (Full name): The full name of the state or province where your organization is located (e.g., Leinster).
  3. Locality Name (e.g., city): The city where your organization is based (e.g., Dublin).
  4. Organization Name (e.g., company): The legally registered name of your company (e.g., Darren’s Tech Tutorials).
  5. Organizational Unit Name (e.g., section): Often used for departments (e.g., IT, Web Services).
  6. Common Name (e.g., server FQDN or YOUR name): THIS IS THE MOST IMPORTANT FIELD. This must be the exact domain name you are securing (e.g., darrenoneill.eu). If you require a wildcard certificate, you would enter *.yourdomain.com.
  7. Email Address: Your administrative email address.

Extra Prompts

You may also be prompted for an “optional extra password” or a “challenge password.” For standard web SSL certificates, we generally leave these blank. Just hit Enter to skip them.

Step 4: Locating Your CSR and Private Key

Once you hit Enter after the final prompt, the generation is complete!

Run the ls command in your directory to confirm the two files have been created:

ls

You should see your two new files:

  1. yourdomainname.csr: This is the Certificate Signing Request.
  2. yourkeyname.key: This is your Private Key.

What to Send to the Provider

Your SSL certificate provider (like Comodo, GeoTrust, etc.) only needs the content of the .csr file.

Use a text editor or the cat command to view the contents of the file:

cat yourdomainname.csr

The output will be a large block of encoded text, starting with -----BEGIN CERTIFICATE REQUEST----- and ending with -----END CERTIFICATE REQUEST-----. Copy this entire block of text and paste it into the CSR field on your provider’s website.

Crucial Security Note: The .key file is your Private Key. This is the secret cryptographic component that authenticates your server. You must keep this file secure and private. Never share it with your certificate provider or anyone else.

Conclusion

And there you have it! In just a few simple steps, you’ve successfully generated the necessary files to purchase and install an SSL certificate on your CentOS 8 machine. You now have your CSR ready to send off, and you’re one step closer to securing your website with HTTPS.

If this tutorial was helpful, please let me know by hitting that Like button! Don’t forget to Subscribe to Darren’s Tech Tutorials for more clear, actionable guides. If you run into any issues during the process, drop a comment below, and I’ll do my best to help you out!

Thanks for watching!