Generating a Certificate Signing Request (CSR) in Ubuntu

Create your own encryption certificates

Ubuntu loading on a laptop

Uka0310/Wikimedia Creative Commons 

To generate the Certificate Signing Request (CSR) in Ubuntu, you should create your own key. You can run the following command from a terminal prompt to create the key:

openssl genrsa -des3 -out server.key 1024

You can now enter your passphrase. For best security, it should at least contain eight characters. The minimum length when specifying -des3 is four characters. It should include numbers and/or punctuation and not be a word in a dictionary. Also, remember that your passphrase is case-sensitive.

Re-type the passphrase to verify. Once you have re-typed it correctly, the server key is generated and stored on the server.key file.    

You can also run your secure web server without a passphrase. This is convenient because you will not need to enter the passphrase every time you start your secure web server. But it is highly insecure and a compromise of the key means a compromise of the server as well.

In any case, you can choose to run your secure web server without a passphrase by leaving out the -des3 switch in the generation phase or by issuing the following command at a terminal prompt:

openssl rsa -in server.key -out server.key.insecure

Once you run the above command, the insecure key will be stored in the server.key.insecure file. You can use this file to generate the CSR without a passphrase.

To create the CSR, run the following command at a terminal prompt:

openssl req -new -key server.key -out server.csr

It will prompt you to enter the passphrase. If you enter the correct passphrase, it will prompt you to enter Company Name, Site Name, Email Id, etc. Once you enter all these details, your CSR will be created and it will be stored on the server.csr file. You can submit this CSR file to a CA for processing. The CA will use this CSR file and issue the certificate. On the other hand, you can create a self-signed certificate using this CSR.