Sometimes I generate a CSR to acquire an SSL cert from a public CA.
Normally where I work I do this from a windows server. For my personal knowledge I decided to refresh myself on how to do this with OpenSSL.
What’s OpenSSL?
OpenSSL is an open-source implementation of the SSL and TLS protocols.
To generate a Certificate Signing Request (CSR) to submit to a CA I used the following example of commands:
openssl req -nodes -newkey rsa:4096 -keyout PrivateSSLKey.key -out CertificateRequest.csr
You will be prompt for information about your request which will generate a private key file along with the CSR that you send out.
Note: In my example I am using a RSA Size of 4096 for stronger security.
Note: In-light of the sunsetting of SHA-1 The following example below seem to be appropriate after January 1st 2014:
openssl req -nodes -sha256 -newkey rsa:4096 -keyout PrivateSSLKey.key -out CertificateRequest.csr
More info :
https://shaaaaaaaaaaaaa.com/
https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1