All Documents
Current Document

Content is empty

If you don't find the content you expect, please try another search term

Documentation

CSR file generation methods

Last updated:2021-03-15 15:39:38

Before applying for a certificate, you must submit a CSR file for identity authentication and generation of a certificate public key file. When you generate a CSR file, a private key file is also generated. Keep the private key file confidential and back up the private key file.

Use OpenSSL to generate a CSR file

  1. Install OpenSSL.
  2. Execute the following command to generate a CSR file:
    openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout myprivate.key -out mydomain.csr
  3. Enter the following data as prompted.

Note: The data entered here must be consistent with the data that you entered when you completed the certificate request.

Field Description Example Restrictions
Country Name ISO country code CN Two capital English characters
State or Province Name State or province name Beijing Chinese or English.
Locality Name City name Beijing Chinese or English.
Organization Name Organization name Beijing Kingsoft Cloud Internet Technology Co., Ltd. Chinese or English.
Organizational Unit Name Unit name Product Dept. Chinese or English.
Common Name Domain name www.ksyun.com N/A
Email Address N/A N/A This field is not required.
A challenge password N/A N/A This field is not required.
An optional company name N/A N/A This field is not required.
[root@xxxx ~]# openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout myprivate.key -out mydomain.csr
Generating a 2048 bit RSA private key
............................+++
...................+++
writing new private key to 'myprivate.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN            
State or Province Name (full name) []:Beijing 
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:Beijing xxx Technologies.Inc.
Organizational Unit Name (eg, section) []:IT Dept
Common Name (eg, your name or your server's hostname) []:www.myhost.com
Email Address []:        

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:

The following files are generated and saved in the current directory: private key file private.key and CSR file domain.csr.

Use keytool to generate a CSR file

  1. Execute the keytool -genkey -alias cert -keyalg RSA -keysize 2048 -keystore ./domain.jks command.

  2. Enter the certificate protection password and the following data as prompted:

    Note: The data entered here must be consistent with the data that you entered when you completed the certificate request.

Question Description Example Restrictions
What is your first and last name? Domain name www.ksyun.com N/A
What is the name of your organizational unit? Unit name Product Dept. Chinese or English.
What is the name of your organization? Organization name Beijing Kingsoft Cloud Internet Technology Co., Ltd. Chinese or English.
What is the name of your City or Locality? City name Beijing Chinese or English.
What is the name of your State or Province? State or province name Beijing Chinese or English.
What is the two-letter country code for this unit? ISO country code CN Two capital English characters
  1. Verify that you have entered the data correctly and enter Y as prompted.

  2. Enter the key password.

  3. Use the certificate file to generate the CSR file.

    keytool -certreq -sigalg SHA256withRSA -alias mycert -keystore ./mydomain.jks -file ./mydomain.csr

On this page
Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen
Feedback