How to create a CSR (certificate signing request) file?

Before applying for a digital certificate , You must write the key file of the certificate and CSR file .CSR File is the original file of your public key certificate , Contains your server information and your company information , It needs to be submitted to CA Certification Center to audit . It is recommended that you use CSR file , Avoid the audit failure caused by input information error . If you choose to generate manually CSR file , Be sure to keep and back up your key file . Generate... Manually CSR The following information should be paid attention to when the file is ：

The input Chinese information needs to use UTF-8 Coding format , At the same time, you need to edit OpenSSL Tool time , Designated support UTF-8 Coding format .

Certificate services system pair CSR There are strict requirements for the key length of the file , The key length must be 2048bit, The key type must be RSA. If the application certificate is a multi domain name or generic subdomain name , stay Common Name or What is your first and last name? You only need to enter a domain name in the area .

The following is generated using different tools CSR Details of the document .

explain ： If you need to input Chinese information , It is recommended to use Keytool Tool generation CSR file .

Use OpenSSL Tool generation CSR file

logon server .

install OpenSSL Tools .

Execute the following command , Generate CSR file .

opensslreq-new-nodes-sha256-newkeyrsa:2048-keyout[$Key_File]-out[$OpenSSL_CSR]

explain ：

-new： Specify to generate a new CSR file .

-nodes： Specifies that the key file is not encrypted .

-sha256： Specify the digest algorithm .

-newkey rsa:2048： Specify the key type and length .

[$Key_File]： Key file name .

[$OpenSSL_CSR]： The storage path of encrypted files .

The system displays something similar to .

According to the prompt returned by the system , Input generation CSR Information required for the file . The following is a description of the prompt ：

Organization Name： Corporate name , It can be Chinese or English .

Organization Unit Name： Department name , It can be Chinese or English .

Country Code： The country of the applicant , It can only be a two letter country code . for example , China can only be CN.

State or Province： The name of a state or province , It can be Chinese or English .

Locality： The city name , It can be Chinese or English .

Common Name： apply SSL certificate Specific website domain name .

Email Address： You can choose not to enter .

A challenge password： You can choose not to enter .

5、 When you finish entering the command prompt , Get the key file and in the current directory CSR file .

Use Keytool Tool generation CSR file

1、 logon server .

2、 install Keytool Tools .

explain ：Keytool Tools are generally included in JDK In the toolkit .

3、 Execute the following command , Generate keystore Certificate file .

keytool -genkey -alias [$Alias] -keyalg RSA -keysize 2048 -keystore [$Keytool_Path]

explain ：

-keyalg： Key type .

-keysize： The key length is 2048bit.

[$Alias]： Certificate alias , Customizable .

[$Keytool_Path]： Save path of certificate file .

4、 According to the prompt returned by the system , Enter the certificate protection password .

5、 According to the prompt returned by the system , Input generation CSR Information required for the file . The following is a description of the prompt ：

first and last name： The domain name of the certificate .

name of your organizational unit： Department name .

name of your organization： Corporate name .

name of your City or Locality： The city name .

name of your State or Province： The name of a state or province .

two-letter country code for this unit： Two character ISO Country code .

6、 Confirm whether the input is correct , Input Y Said right .

7、 Follow the prompts to enter the key password .

8、 Execute the following command , Generate CSR file .

keytool -certreq -sigalg SHA256withRSA -alias [$Alias] -keystore [$Keytool_Path] -file [$Keytool_CSR]

explain ：

sigalg： Abstract algorithm .

[$Keytool_CSR]：CSR File storage path .

9、 Follow the prompts to enter the certificate password , Generate CSR file .