Generating a Certificate Signing Request (CSR) in Ubuntu

Create your own encryption certificates

By Juergen Haas
Former Lifewire writer Juergen Haas is a software developer, data scientist, and a fan of the Linux operating system.
Updated March 11, 2020

To generate the Certificate Signing Request (CSR) in Ubuntu, you first need to create your own key. Run the following command from a terminal prompt to create the key:

    openssl genrsa -des3 -out server.key 1024

You are then prompted to enter a passphrase. For best security, it should contain at least eight characters. The minimum length when specifying -des3 is four characters. It should include numbers and punctuation, and should not be a word in a dictionary. Also, the passphrase is case-sensitive.

Re-type the passphrase to verify. Once you have re-typed it correctly, the server key is generated and stored in the server.key file.

You can also run your secure web server without a passphrase. This is convenient because you won't need to enter the passphrase every time you start your secure web server. However, it is highly insecure, and a compromise of the key means a compromise of the server.

In any case, you can choose to run your secure web server without a passphrase by leaving out the -des3 switch in the generation phase or by issuing the following command at a terminal prompt:

    openssl rsa -in server.key -out server.key.insecure

Once you run the above command, the insecure key is stored in the server.key.insecure file. You can use this file to generate the CSR without a passphrase.

To create the CSR, run the following command at a terminal prompt:

    openssl req -new -key server.key -out server.csr

It will prompt you to enter the passphrase. If you enter the correct passphrase, it will prompt you to enter Company Name, Site Name, Email Id, and other information.
Once you enter these details, your CSR is created and stored in the server.csr file. You can submit this CSR file to a CA for processing. The CA uses this CSR file to issue the certificate. Alternatively, you can create a self-signed certificate using this CSR.
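
The same key and CSR steps run non-interactively and checked before the CSR is sent to a CA, as an added example that is not part of the original article. It assumes a 2048-bit key and -aes256 key encryption in place of the article's 1024 and -des3, a passphrase read from a file, and constructed subject fields and file locations.

```shell
#!/usr/bin/env bash
# Added example: scripted key + CSR generation with pre-submission checks.
# All names, subject fields and the passphrase below are constructed values.

# gen_key_and_csr DIR SUBJECT PASSFILE [BITS]
# Creates DIR/server.key (passphrase-protected) and DIR/server.csr.
gen_key_and_csr() {
  local dir=$1 subj=$2 passfile=$3 bits=${4:-2048}
  (
    umask 077   # key file readable by the owner only
    openssl genrsa -aes256 -passout "file:$passfile" \
      -out "$dir/server.key" "$bits" 2>/dev/null
  ) || return 1
  openssl req -new -key "$dir/server.key" -passin "file:$passfile" \
    -subj "$subj" -out "$dir/server.csr"
}

# csr_key_bits CSR -> prints the public key size in bits
csr_key_bits() {
  openssl req -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# csr_signature_ok CSR -> succeeds if the CSR's self-signature verifies.
# The output is parsed rather than trusting the exit status alone.
csr_signature_ok() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key CSR KEY PASSFILE -> succeeds if the CSR carries KEY's public half
csr_matches_key() {
  local from_csr from_key
  from_csr=$(openssl req -in "$1" -noout -pubkey) || return 1
  from_key=$(openssl rsa -in "$2" -passin "file:$3" -pubout 2>/dev/null) || return 1
  [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-Passphrase-42!' > "$demo_dir/pass.txt"
gen_key_and_csr "$demo_dir" "/C=US/O=Example Org/CN=www.example.com" "$demo_dir/pass.txt"
echo "key bits:     $(csr_key_bits "$demo_dir/server.csr")"
csr_signature_ok "$demo_dir/server.csr" && echo "signature:    OK"
csr_matches_key "$demo_dir/server.csr" "$demo_dir/server.key" "$demo_dir/pass.txt" \
  && echo "key match:    OK"
```

The key-match check catches the common mistake of submitting a CSR built from a different key than the one deployed on the server.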