Generating a CSR (Certificate Signing Request)


Here's a script to help you generate a Certificate Signing Request (CSR). You'll need a CSR when interacting with Certificate Authorities (CAs), which are the companies that issue TLS/SSL certificates. These CAs require a CSR as a type of "package" with all the detailed information on your site, company, etc. so they can issue your certificate and your information does not get mangled in transit.

Edit the top part of this script with your information.
IMPORTANT: Only use details you're ok with being public and DO NOT share your key. Download your key for later and keep it in a safe place.

  
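#!/usr/bin/env bash

# Stop on the first error so a failed openssl run is not reported as "All Done!"
set -euo pipefail;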

##############
## Steps:
## 1) Save as a file "csr.sh"
## 2) Edit the settings below
## 3) Run "bash ./csr.sh"
## 4) Your files will be in a new
##    directory named as your domain
##
## Make SURE you save a copy of the key at the end
## which is the file named "[full-domain].key"
## Never expose this key file in public!
##
## Your CSR is the file named "[full-domain].csr"
## Check your CSR with this tool, by copying/pasting contents
## https://www.digicert.com/ssltools/view-csr/
#############

# For most certificate authorities...
# Use "www." to cover both root domain and "www."
DOMAIN="www.ansibletutorials.com";

# You probably should use a 2048-bit key here
# Larger keys like 4096-bit will lower performance with little benefit
# Source: https://www.fastly.com/blog/key-size-for-tls
KEY_SIZE="2048";

# Organization Details
# NOTE: Only use details you're ok with being public
COUNTRY="US";
STATE="Illinois";
CITY="Chicago";
ORGANIZATION="Ansible Tutorials";
DEPARTMENT="Security";
EMAIL="security@ansibletutorials.com";

#########################
#########################

echo "Making CSR for ${DOMAIN}...";

# Create Directory
# Restrict new files to your user only, so the key is not readable by others
umask 077;
mkdir -p "./${DOMAIN}";

# Generate Key + CSR (Certificate Signing Request)
openssl req -nodes \
  -newkey "rsa:${KEY_SIZE}" \
  -keyout "./${DOMAIN}/${DOMAIN}.key" \
  -out "./${DOMAIN}/${DOMAIN}.csr" \
  -subj "/C=${COUNTRY}/ST=${STATE}/L=${CITY}/O=${ORGANIZATION}/OU=${DEPARTMENT}/CN=${DOMAIN}/emailAddress=${EMAIL}";

echo -e "\n\nAll Done!\n==> Your files are in the directory: ./${DOMAIN}/\n\n";
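
The script's header suggests pasting the CSR into an online viewer; the same checks can be run locally with openssl before anything is sent to the CA. The following is an added example, not part of the original script; the function names and the www.example.test sample pair are assumptions made for illustration.

```shell
# Added example (not from the original script): local checks for the
# key/CSR pair that csr.sh writes. Names and sample values are assumptions.

# Print the CSR subject in RFC 2253 form, i.e. the details the CA will see.
csr_subject() {
  openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null
}

# Succeed only if the CSR's self-signature verifies (file is intact).
csr_signature_ok() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Succeed only if the CSR carries the public half of the given private key.
csr_matches_key() {
  cmk_csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
  cmk_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cmk_csr_pub" ] && [ "$cmk_csr_pub" = "$cmk_key_pub" ]
}

# Succeed only if group and others have no permissions on the key file.
key_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: a throwaway key + CSR made the same way csr.sh makes them.
make_sample() {
  ( umask 077
    openssl req -nodes -newkey rsa:2048 \
      -keyout "$1/sample.key" -out "$1/sample.csr" \
      -subj "/C=US/ST=Illinois/L=Chicago/O=Example/CN=www.example.test" \
      2>/dev/null )
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
make_sample "$SAMPLE_DIR"
CSR="$SAMPLE_DIR/sample.csr"; KEY="$SAMPLE_DIR/sample.key"

csr_subject "$CSR"
csr_signature_ok "$CSR"       && echo "signature: OK" || echo "signature: FAILED"
csr_matches_key "$CSR" "$KEY" && echo "key match: OK" || echo "key match: FAILED"
key_is_private "$KEY"         && echo "key perms: OK" || echo "key perms: too open"
```

To check real output, point CSR and KEY at the "[full-domain].csr" and "[full-domain].key" files in your domain directory instead of the constructed sample.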

  