A CSR is a file that contains your application data and the public key to your private key. Create your CSR file as follows and then copy its contents into the appropriate field in the ordering process. By default, the OpenSSL cryptography tools are configured to generate only SHA-1 signatures.
If you want to generate a SHA-256 signed CSR, add -sha256 to the command line.
To create a key pair consisting of a private key and a public certification request (CSR), type the following command:
openssl req -new -nodes -sha256 -keyout filename.key -out filename.csr -newkey rsa:2048
It is recommended that you choose the file name so that you can assign it uniquely to the site later. We therefore recommend that you use the domain to be certified by replacing the dots with underscores as file names, for example, www_psw_net.key or www_psw_net.csr.
The command creates two files. The file with the extension key contains the private key, so do not pass this file on to third parties. Please make a backup of your private key in any case, since there is no possibility of recovery after a loss. The private key serves as the basis of the certificate request (CSR) and thus also as the basis of the certificate.
When creating the CSR, you will be asked for some details that are included in the CSR next to the public key and make it unique. Some fields have a default value, to accept it simply press Enter, if you want to leave the field blank enter a dot (.).
Country Name (2 letter code) [AU]: DE
enter your country code here
State or Province Name (full name) [Some-State]: Hesse
enter your state here
Locality Name (e. g. city): Fulda
enter your location here
Organization Name (e. g. company): MyCompany
here you enter your company name / organisation name / first and last name, whichever is most appropriate for you
Organizational Unit Name (eg, section): IT
here you can enter a department, but this field can also remain empty
Common Name (e.g. server FQDN or YOUR name): www.domain.de
here you enter the site to be secured, the information must contain a complete domain name, so if you want to protect https://domain.de/……, enter www.domain.de, domain.de is not sufficient, unless you only want to protect https://domain.de/… Files and directories, on the other hand, are always included, cf. also http://cvs.openssl.org/chngview?cn=21799
E-mail Address: firstname.lastname@example.org
enter your e-mail address here
You may be asked for the following ‘additional’ information
A challenge password:
An optional company name:
Please always leave those blank.
Your CSR is now created. Then open the file filename.csr in a text editor and copy its contents into the field provided in the ordering process.