Skip to content Skip to sidebar Skip to footer

How to Generate CSR and Private Key with openssl in Linux Redhat

Hello everyone, in this article I will share one of the ways that you may still need to get .csr and .key files for ssl that you will buy and implement on your webserver.

On this occasion I shared How to generate .CSR and .Key with openssl in Linux Redhat, which is intended for ssl wildcards that can be used for main domains and your sub domains are usually called SAN (Subject Alternative Name).


Make sure you have openssl installed in your machine by looking at the command whether it is already in the /var /run/openssl directory, or you can see the version by:

# openssl version


If you don't have it, you can install it first in the following way:

# yum groupinstall "Development Tools"

Also, make sure that before installing the development tools you have mounted your local repo and have activated your Redhat subscription.

After all that is needed it is time for us to generate this ssl wildcard.


Create 1 .conf file in the directory you want, in this case I created a .conf file in the /home/kitsake directory.

# cd /home/kitsake
# vi kitsake.conf

[ req ]
default_bits            = 2048  # RSA key size
encrypt_key             = no  # Protect private key
default_md              = sha256  # MD to use
utf8                    = yes  # Input is UTF-8
string_mask             = utf8only  # Emit UTF-8 strings
prompt                  = no  # Prompt for DN
distinguished_name      = server_dn  # DN template
req_extensions          = server_reqext  # Desired extensions

[ server_dn ]
countryName             = ID  # ISO 3166
stateOrProvinceName     = Banten
localityName            = Tangerang
organizationName        = PT. Bangkit Ade Saputra
organizationalUnitName  = IT
commonName              = *  # Should match a SAN under alt_names

[ server_reqext ]
basicConstraints        = CA:FALSE
keyUsage                = critical,digitalSignature,keyEncipherment
extendedKeyUsage        = serverAuth
subjectKeyIdentifier    = hash
subjectAltName          = @alt_names

DNS.1                   = *  #Example
DNS.2                   =

Save & exit

Make sure you have replaced the [server_dn] and [alt_names] with your information, or you can customize your own options as needed.

After you create the file correctly, then kitsa is ordered to make the .csr and .key files.

# openssl req -new -newkey rsa:2048 -nodes -keyout -out -config kitsake.conf

There will be 2 files generated from the command above, namely .csr and .key in the same directory (/home/kitsake)

generate csr and private key with openssl
generate csr and private key with openssl


In this case, to make sure our file is correct or not, we can test it in the CSR Decoder and paste our CSR information into the column provided, whether it is read according to what we want.

make sure the csr file is read
make sure the csr file is read
Bangkit Ade Saputra
Bangkit Ade Saputra Hard-working professional with experience and a proven knowledge of operating system, server architecture and system configuration.

Post a Comment for "How to Generate CSR and Private Key with openssl in Linux Redhat"