Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Generate A CSR

SSL StartSSL openssl

To generate a Certificate Signing Request (CSR), simply use the following command:

MY_SITE="www.domain.com"

openssl req -new -newkey \
  rsa:2048 \
  -keyout $MY_SITE.key \
  -out $MY_SITE.csr

Make sure to remember the password you use to encrypt the CSR, but you do not need to set the "challenge password".

Copy and paste the contents of the newly generated .csr file into the web form and select "PKI" before entering the password you used to encrypt the CSR.

Now decrypt the private key file with:

MY_SITE="www.domain.com"

openssl rsa \
  -in $MY_SITE.key \
  -out $MY_SITE.decrypted.key

Now download the certificate bundle from StartCom. You will need the certificates provided by the site, along with the decrypted file in your Apache/Nginx configuration.

Last updated: 23rd August 2022
First published: 16th August 2018

This blog is created by Stuart Page

I'm a freelance web developer and technology consultant based in Surrey, UK, with over 10 years experience in web development, DevOps, Linux Administration, and IT solutions.

Need support with your infrastructure or web services?

Get in touch
Programster's Blog Ⓒ 2025