Manually create a CSR for a self-signed certificate


You are able to manually create a CSR via Secure Shell. To proceed with these steps, you must have a Shell user configured in your panel and general knowledge of the UNIX Shell.

View the following articles for further information

DreamHost support cannot provide assistance with these steps. You’ll need to have basic knowledge of the UNIX shell to complete this procedure.

Creating a CSR

  1. Connect to your domain via SSH. Visit the SSH article for instructions.
  2. Once logged into your server via SSH, make sure you're in your user's home directory:
    [server]$ cd ~
  3. Use OpenSSL to create your private key which you will use to create the CSR. Type in the following to open the OpenSSL command line tool.
    [server]$ openssl
    Your command prompt now changes to OpenSSL> which means you’re ready to run the following commands.
  4. Generate a new RSA private key by entering the following command without a password:
    OpenSSL> genrsa -out private.key 2048
    Generating RSA private key, 2048 bit long modulus
    e is 65537 (0x10001)
    This will create a private key named private.key. You’ll use this to create the CSR.
  5. Create the CSR by running the following command:
    OpenSSL> req -new -sha256 -key private.key -out file.csr
    You are then prompted for the following information:

    "Common Name" is where you put your domain name, e.g., or

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN. 
There are quite a few fields but you can leave some blank 
For some fields there will be a default value, 
If you enter '.', the field will be left blank.-----
Country Name (2 letter code) [AU]: 
State or Province Name (full name) [Some-State]: 
Locality Name (eg, city) []: 
Organization Name (eg, company) [Internet Widgits Pty Ltd]: 
Organizational Unit Name (eg, section) []: 
Common Name (eg, YOUR name) []: 
Email Address []: 

Please enter the following 'extra' attributes 
to be sent with your certificate request 
A challenge password []: (Enter a . and click ENTER) 
An optional company name []:(Enter a . and click ENTER)
  • Quit the OpenSSL prompt:
    OpenSSL> quit
  • Your CSR is now created. Based on the command you ran above, this file is named file.csr. You can view it's contents by running the following command:

    [server]$ cat file.csr
  • You can either cut and paste this to a file on your local computer, or log into your server via FTP and download the file.

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?