Generating a private key and CSR from the command line

This guide explains how to generate a private key and Certificate Signing Request (CSR) using the command line. You'll need to do this if you're obtaining an SSL certificate for a system without cPanel or Plesk access, such as a dedicated server or unmanaged VPS.

⚠️ Important: If your account includes cPanel or Plesk, skip this process. Use the SSL/TLS Manager in cPanel or the SSL/TLS Certificates tool in Plesk to generate your private key and CSR.

Steps to Generate a Private Key and CSR

  1. Log in to your server using SSH.
  2. At the command prompt, run the following command:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

📝 Note: This command generates a private key (server.key) and a CSR (server.csr). You can rename these files as needed.

Complete the prompts that follow:

  • Country Name: Enter the two-letter country code for your location (e.g., US or FR). Find the full list of codes at ISO's country code database. Press Enter.
  • State or Province Name: Type your state or province, then press Enter.
  • Locality Name: Enter your city or town, then press Enter.
  • Organization Name: Type your company or organization name, then press Enter.
  • Organizational Unit Name: Enter a department name (optional). Press Enter to skip.
  • Common Name: Enter the domain name for the SSL certificate (e.g., example.com for a standard certificate, subdomain.example.com for a subdomain, or *.example.com for a wildcard certificate). Press Enter.
  • Email Address: Enter an email address to associate with the certificate, then press Enter.
  • Challenge Password: Press Enter to skip.
  • Optional Company Name: Press Enter to skip.
  3. OpenSSL will create the private key (server.key) and CSR (server.csr) files. Submit the contents of the server.csr file to your certificate authority to obtain your SSL certificate. Do not share the private key (server.key).

💡 Tip: To verify the CSR's contents, run this command: openssl req -noout -text -in server.csr
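
The steps above can also be scripted. The following is an added example, not part of the original guide: it runs the same openssl req command non-interactively by passing the subject with -subj, creates the key file readable by its owner only, and checks that the CSR carries the matching public key and the intended Common Name before you submit it. The function names and subject values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: scripted form of the guide's command plus pre-submission checks.
# Subject fields below are constructed placeholders; replace them with your own.

# make_csr DOMAIN [DIR]: writes DIR/server.key and DIR/server.csr.
# The body runs in a subshell so the umask change does not leak to the caller.
make_csr() (
    domain=$1
    dir=${2:-.}
    umask 077    # new files are created without group/other access
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" \
        -subj "/C=US/ST=Example State/L=Example City/O=Example Org/CN=$domain"
)

# csr_matches_key CSR KEY: succeeds only if the public key embedded in the CSR
# is the public half of KEY. Catches submitting a CSR built from another key.
csr_matches_key() (
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout) || exit 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
)

# csr_common_name CSR: prints the Common Name stored in the CSR.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Usage: sh make_csr.sh example.com [output-dir]
if [ $# -ge 1 ]; then
    out=${2:-.}
    make_csr "$1" "$out" || exit 1
    if csr_matches_key "$out/server.csr" "$out/server.key"; then
        echo "CSR matches key; Common Name: $(csr_common_name "$out/server.csr")"
    else
        echo "CSR does not match server.key" >&2
        exit 1
    fi
fi
```

Only server.csr goes to the certificate authority; server.key stays on the server.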