Generate Private Key and CSR for SSL Certificate

Preface

If you need to create or renew SSL certificate, you can use the following steps.

Procedure

Generate the Private Key

openssl genrsa -out ndkprd-com_2024-2025.private.key 4096

Generate the CSR

Create Config File

nano ndkprd-com-2024-2025.conf

Add the configuration

# Generate Private Key and CSR for SSL Certificate

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = com
ST = Jakarta Special Region
L = Central Jakarta
OU = Information Technology
CN = *.ndkprd.com

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth

Generate the CSR File using the Configuration

openssl req -newkey RSA:4096 -keyout ndkprd.com_2024-2025.private.key -out ndkprd.com_2024-2025.csr -config ndkprd.com_2024-2025.conf

Test the CSR

openssl req -in ndkprd.com_2024-2025.csr -text -noout

Conclusion

You can use the generated CSR file to request the signed certificate from your Certificate Authority, be it a local one in the organization or an external one, like Google or Digicert.