A CSR is a file that contains your application data and the public key to your private key. Create your CSR file as follows and then copy its contents into the appropriate field in the ordering process. By default, the OpenSSL cryptography tools are configured to generate only SHA-1 signatures.

If you want to generate a SHA-256 signed CSR, add -sha256 to the command line.

To create a key pair consisting of a private key and a public certification request (CSR), type the following command:


openssl req -new -nodes -sha256 -keyout filename.key -out filename.csr -newkey rsa:2048


It is recommended that you choose the file name so that you can assign it uniquely to the site later. We therefore recommend that you use the domain to be certified by replacing the dots with underscores as file names, for example, www_psw_net.key or www_psw_net.csr.

The command creates two files. The file with the extension key contains the private key, so do not pass this file on to third parties. Please make a backup of your private key in any case, since there is no possibility of recovery after a loss. The private key serves as the basis of the certificate request (CSR) and thus also as the basis of the certificate.

When creating the CSR, you will be asked for some details that are included in the CSR next to the public key and make it unique. Some fields have a default value, to accept it simply press Enter, if you want to leave the field blank enter a dot (.).


Country Name (2 letter code) [AU]: DE

enter your country code here


State or Province Name (full name) [Some-State]: Hesse

enter your state here


Locality Name (e. g.  city): Fulda

enter your location here


Organization Name (e. g.  company): MyCompany

here you enter your company name / organisation name / first and last name, whichever is most appropriate for you


Organizational Unit Name (eg, section): IT

here you can enter a department, but this field can also remain empty


Common Name (e.g. server FQDN or YOUR name): www.domain.de

here you enter the site to be secured, the information must contain a complete domain name, so if you want to protect https://domain.de/……, enter www.domain.de, domain.de is not sufficient, unless you only want to protect https://domain.de/… Files and directories, on the other hand, are always included, cf. also http://cvs.openssl.org/chngview?cn=21799


E-mail Address: info@domain.de

enter your e-mail address here

You may be asked for the following ‘additional’ information


A challenge password:

An optional company name:


Please always leave those blank.

Your CSR is now created. Then open the file filename.csr in a text editor and copy its contents into the field provided in the ordering process.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert