CSR/KEY Tutorial (openssl)

A CSR (Certificate Signing Request) is required for (re-)issueing a SSL certificate. Typically you will create a Private-Key together with the CSR directly on your server. Alternatively you can also use our CSR generator, which is available here.

Here you can find CSR creation instructions for all kinds of platforms (Microsoft IIS, Cisco, cPanel, Citrix, Apple, AWS, Lotus Domino, Nginx, Novell, Plesk, Red Hat, Tomcat, Zeus, etc. ...).

These are the commands for creating a CSR (Certificate Signing Request) with 4096 bit private key unter Linux:


Obligatory fields: In "COUNTRY" there has to be a two-digit country code, e.g. US or GB. In "COMMON NAME" you have to specify the FQDN (fully qualified domain name). For single domain certificates this should be something like www.domain.com or subdomain.domain.com. For SSL Wildcard certificates the field "COMMON NAME" should have something like *.domain.com including the * (star) wildcard placeholder. The password is optional. Please keep in mind to not use these forbidden special characters: [!@#$%^()~?><&/\,."'_öäüÄÖÜß]

After you have placed your CSR with interssl and have approved the authentication email, you will receive your SSL certificate via e-mail. Most of the time a certificate will be issued within 2 minutes after authentication. In some rare cases GeoTrust will want to do a manual inspection, in this case it will typically be delivered within 24 hours during workdays. To our experience, this might happen more frequently for domains related to financial or governmental usa.