Generate CSR using openssl

Browsers started to warn users about certificates with Sha1 signature. Sha256 is needed now a days.
So it’s time to renew certificates from Thawte, Godaddy, etc

You can generate a new Certificate Signing Request with openssl with this command:

openssl req -nodes -newkey rsa:2048 -keyout servername.key -out servername.csr -sha256

“servername.csr” is an ascii file you can send or paste to your certification authority’s interfaces.

Version: tested with OpenSSL 1.0.1e 11 Feb 2013 on Debian 7

Howto generate an SSL key and self signed cert with openssl

For SSH, HTTPS, TLS SMTP,POPS, IMAPS you need a RSA key pair. Most Linux package installers produce this pairs automatically, but if you like, you can generate them yourself.

The quickest method I found is:

openssl req -x509 -nodes -newkey rsa:2048 -keyout servername.key -out servername.crt -days 1024

This command asks you some questions. The most important one is:

Common Name (e.g. server FQDN or YOUR name)

Enter the hostname of your server here.

You can check the content of key and crt files with these commands:

openssl rsa -in servername.key -text
openssl x509 -in servername.crt -text