How to create a Certificate Signing Request (CSR)?

Let's assume that you are creating a certificate for a domain "". Typically, you create a private key and a Certificate Signing Request (CSR) on a Unix system by running the following command:

$ openssl req -new -sha256 -newkey rsa:2048 -nodes -out -keyout

Generating a 2048 bit RSA private key
writing new private key to ''
Country Name (2 letter code) [XX]: CZ
State or Province Name (full name) []: Hlavni mesto Praha
Locality Name (eg, city) [Default City]: Prague
Organization Name (eg, company) [Default Company Ltd]: Webhosting & Son ltd.
Organizational Unit Name (eg, section) []: Tech Department
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
The request is now located in the file The file contains a private key - please keep it safe and confidential.

If you are creating a request for a wildcard certificate, enter an asterisk (* in the "Common Name" field. The certificate for the domain will also be valid for the name - but this does not apply to CSRs for other subdomains, e.g.:
- CSR for - certificate will be valid for and 
- CSR for - certificate will be valid for  and will not be valid for 
- CSR for - certtificate will be valid for and will not be valid
- CSR for * - wildcard certificate will be valid for,,, ... and will not be valid for

When filling in the CSR do not use diacritics, in case of IDN domain first convert it e.g. using the tool .
For more tutorials on creating CSRs for different servers (Microsoft IIS, Exchange, ...) please visit
The Certification Authority usually requires confirmation of domain ownership via a link sent to the email (you can choose from the following mailboxes: admin, administrator, hostmaster, postmaster, webmaster). Therefore, make the mail services for one of these addresses available on the server. Another validation option is to place the requested text at