Sometimes I generate a CSR to acquire an SSL cert from a public CA.

Normally where I work I do this from a windows server.  For my personal knowledge I decided to  refresh myself on how to do this with OpenSSL.

What’s OpenSSL?

OpenSSL is an open-source implementation of the SSL and TLS protocols.

To generate a Certificate Signing Request (CSR) to submit to  a CA I used the following example of commands:

openssl req -nodes -newkey rsa:4096 -keyout PrivateSSLKey.key -out CertificateRequest.csr

You will be prompt for information about your request which will generate a private key file along with the CSR that you send out.

Note: In my example I am using a RSA Size of 4096 for stronger security.

Note: In-light of the sunsetting of SHA-1 The following example below seem to be appropriate after January 1st 2014:

openssl req -nodes -sha256 -newkey rsa:4096 -keyout PrivateSSLKey.key -out CertificateRequest.csr

More info :
https://shaaaaaaaaaaaaa.com/

https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1