SYSTEM ADMIN BOOK
  • Hardware/Physical Machines
    • Physical Networking
      • Patch Panel
    • Hardware Devices
    • PC Build
  • System Configuration
    • Windows
      • OneDrive for Business, Map as Network Drive in Windows
      • PDF Printer
      • Reset Windows Password
    • Linux
    • Mac
      • Factory Reset Mac Mini
      • Install FortiClient VPN
      • Remove FortiClient VPN for Macs
      • Setting Microsoft Teams Notifications in MacOS
      • Download and Install Whatsapp
  • Windows Server
    • Basic Configurations
      • Change Hostname
      • Change Default RDP Port
      • Create a User
      • Add user to Administrator group
      • Add user to Remote Desktop Users group
      • Allow Multiple Remote Desktop Connections
      • Enable Insure Guest Authentication
      • Shrink Partition
      • Extend Partition
    • FTP Server
      • Install FTP Server (IIS)
      • Create User Group
      • Add FTP Site (IIS)
      • User Isolation
      • Allow Firewall
      • FTP Client (FileZilla)
      • FTP Server (FileZilla)
      • Configure Passive Mode in FileZilla Server
      • Configuring Windows Firewall for FileZilla Server
      • FileZilla: Password reset
    • Group Policy
      • Block Access to the Control Panel for All Users
      • Create a Logon Banner (Legal Notice)
      • Enable / Disable Copy-Paste Policy
      • Disable Shutdown, Restart Options
      • Disable Multiple Session for Single User
    • Services
      • NSSM - the Non-Sucking Service Manager
    • Task Scheduler
  • Control Panels
    • Plesk
      • Set Hard Quota on disk space for subscription(s)
      • Changing MX, A, and CNAME Records
      • Host Node.js Application
      • Add FTP account
      • Remove FTP account
    • SolidCP
    • cPanel
  • Virtualization
    • Proxmox VE
      • Introduction
      • Download Proxmox ISO
      • Prepare Installation Media
      • Launch Proxmox Installer
      • Create a VM
  • Web Servers
    • IIS
      • Install IIS
      • Configure Default Site
      • Application Pool
      • Installing PHP
      • Deploying a Laravel app on Windows using IIS
      • Update PHP Version in IIS
  • VPN/Proxy Servers
    • Reverse Proxy
      • IIS - Node.js Application
  • Database Servers
    • MS SQL
      • Download and Install
      • Install SSMS
      • Enable SA Account
      • Change SA Account Password
      • Enable Network Access to SQL Express
      • Create and configure a user in MSSQL
  • Web Dev Stacks
  • IT Ticketing Systems
    • Jira Ticketing System
  • Linux Servers
  • AWS Environment
  • Azure Environment
  • Backup and Security
    • SSL Certificates
      • Types of SSL Certificates
      • IIS 10: Create CSR and Install SSL Certificate
      • IIS 7: Generate CSR for Wildcard SSL
      • IIS: Generate CSR for Multi-Domain SSL
      • OpenSSL: Generate CSR
      • IIS 10: How to Install and Configure Your SSL Certificate on Windows Server
      • IIS: Export Pfx using MMC
      • IIS: Import Pfx using MMC
      • IIS: Export Pfx using IIS Manager
      • IIS: Import Pfx using IIS Manager
      • cPanel: Export PFX
      • Godaddy-CPanel: Generate a CSR
      • Godaddy-CPanel: Install SSL Certificate
      • cPanel: Generate CSR
      • cPanel: Install SSL Certificate
      • cPanel: Install Let's Encrypt SSL
      • Plesk: Generate CSR
      • Plesk: Let's Encrypt SSL Installation
      • Plesk: Installing the SSL certificate
      • Plesk: Export Public & Private Key
      • Win-ACME Let's Encrypt SSL
      • Certbot - Install SSL
      • Export Leaf, Root, and Intermediate Files
    • Backup
      • Database
        • MS SQL DB Backup
        • MS SQL Restore Backup
    • Microsoft Defender for Endpoint
      • Introduction & Licenses
  • Email and Office 365
    • Troubleshooting
      • Run a message trace in the Exchange admin center
      • Not receiving email
      • Office 365 Apps Activation Error
    • Mail Clients
      • Outlook
        • Maximum number of Exchange accounts in an Outlook profile
        • Enable automatic forwarding in new Outlook
        • Add Email Signature
        • Create Email Singature
        • Gmail Account Login in Outlook
      • Apple Mail
        • Add email accounts in Mail on Mac
        • Add Mail Signatures
    • Office 365
      • Intro & Subscriptions
      • How to Create a Trial Account
      • How to Access the Office 365 Admin Center
      • Creating a Tenant
      • Create Users
      • Creating & Managing Roles
      • Add a Domain
      • Manage MFA
      • Assign Global Admin Roles
      • Create APP Password
      • Change a user name and email address
      • Reset MFA for Microsoft 365 User
      • Configure email forwarding
      • Add email aliases to a user
      • Change Username or Email Address
    • Google Workspace
      • Intro & Plans
      • Create your Google Workspace trial account
      • Review your DNS records
      • Adding Users
      • Create organizational units
      • Restrict access to a Google Workspace service
      • Edit user attributes
      • Manage user accounts
      • Suspend a User
      • Generate a Transfer Token
      • Reduce Licenses in Google Workspace
    • MailEnable
    • SmarterMail
      • SmarterMail Installation
      • SmarterMail Server Setup
      • Installation and Configuration (Practical)
      • Enable / Disable Domain in SmarterMail
    • Microsoft Teams
      • Guest Access vs. External Access
      • Adding Guests To Microsoft Teams Team
      • Teams Chat DIfferent Domain: Enable External Access
      • Setup Teams Time Zone and Work Hours
      • Add Contact Numbers in Profile Page
    • Microsoft Defender for Office 365
      • Remove blocked users from the Restricted entities page
  • DevOps
  • Firewalls
    • Windows Firewall
  • Networking
    • Cisco Router Config
    • Cisco Switch Config
      • Basic Data and Voice VLAN Setup Homelab
  • Migration
    • Drive Migration
      • Google Drive to One Drive
    • Mail Migration
      • Google Workspace to Office 365
      • IMAP to Office 365
      • Migration Using PST File Method
    • VM Migration
    • Website Migration
    • Database Migration
  • Monitoring
    • Prometheus
      • Monitoring Windows Servers Using Prometheus
    • Grafana
      • Visualize Data in Grafana
    • Loki
  • Data Center
  • Other Technologies
    • Some R&Ds
      • Active vs. Passive Mode in FTP
      • IIS Recycling and Virtual Memory Limit
      • IIS Application Pool
Powered by GitBook
On this page
  • Introduction
  • Prerequisites
  • CSR Generation Process
  • Practical
  • Step 1: Generate a Private Key (4096-bit)
  • Step 2: Generate the CSR (Certificate Signing Request)
  • Step 3: Verify the CSR
  • REFERENCES

Was this helpful?

  1. Backup and Security
  2. SSL Certificates

OpenSSL: Generate CSR

PreviousIIS: Generate CSR for Multi-Domain SSLNextIIS 10: How to Install and Configure Your SSL Certificate on Windows Server

Last updated 9 days ago

Was this helpful?

Introduction

A Certificate Signing Request (CSR) is a crucial step in obtaining an SSL/TLS certificate for securing websites, servers, or other network services. The CSR contains encoded information about the organization, domain, and public key, which is used by a Certificate Authority (CA) to issue a digital certificate.

OpenSSL is a widely used open-source tool for cryptographic operations, including generating CSRs. On a Windows Server, OpenSSL can be installed and used to create a 4096-bit CSR, ensuring strong encryption and security.

Prerequisites

  • OpenSSL installed on the Windows Server. If not installed, it can be downloaded from .

  • Administrative access to the server.

  • A valid domain name for the SSL certificate.

CSR Generation Process

The process involves two key steps:

  1. Generating a private key (4096-bit or Other).

  2. Creating a CSR using the private key.

After generating the CSR, it must be submitted to a Certificate Authority (CA) like DigiCert, Let's Encrypt, or GoDaddy for SSL certificate issuance.

Practical

Step 1: Generate a Private Key (4096-bit)

Open Command Prompt (cmd) as Administrator and run:

openssl genrsa -out domain_private.key 4096

Step 2: Generate the CSR (Certificate Signing Request)

Run the following command:

openssl req -new -key domain_private.key -out domain.csr

It will prompt you to enter details such as:

  • Country Name (e.g., IN)

  • State or Province Name (e.g., ASSAM)

  • Locality Name (e.g., Guwahati)

  • Organization Name (e.g., My Company Ltd)

  • Organizational Unit Name (e.g., IT Department)

  • Common Name (e.g., www.example.com)

  • Email Address (optional)

  • A Challenge Password (leave empty by pressing Enter)

  • An Optional Company Name (leave empty by pressing Enter)

Step 3: Verify the CSR

After generating the CSR, verify it using:

openssl req -text -noout -verify -in domain.csr

This displays the CSR details and ensures everything is correct.

REFERENCES

OpenSSL for Windows
https://openssl-library.org/source/
https://phoenixnap.com/kb/generate-openssl-certificate-signing-request