The following instructions will guide you through the CSR generation for a Code signing certificate. This tutorial is written based on a Windows 10 Installation.
To complete the instructions below you will need to have OpenSSL installed on your computer.
Windows users can download a copy of the OpenSSL installer here: Wiki OpenSSL
For OSX users, OpenSSL should be installed by default on your machine.
We have installed the Win64 OpenSSL v3.0.0 Light version from the SSL Pro web link.
After you have downloaded and installed the exe or MSI file, click on the Windows key or on your keyboard or click on the Windows Icon in your lower left corner of your screen and type: OpenSSL
Click Win64 OpenSSL Command Prompt app.
This will open a command line console as shown below and by default it would be on c:\Users\YourUserName\.
Please note, this is also the default location where your CSR and Private key will be saved.
For this tutorial we have created a folder on the C:\ Drive called codesigning to easily locate the files.
Here is the plain text version to copy and paste into your terminal:
openssl req -new -newkey rsa:3096 -nodes -keyout server.key -out server.csr
Note: This command will create 2 files in the folder codesigning, server.key (your Private Key) and server.csr (Your CSR file), with a 3096 Bits RSA key.
Enter the following CSR details when prompted:
Country Name: This would be the 2 Letter country code (ISO Country Codes) where your organization is legally incorporated. In this example it would be NL for The Netherlands.
State or Province name: The state or province where your organization is legally incorporated. Do not abbreviate. In our example: Utrecht
City or Locality: The locality or city where your organization is legally incorporated. Do not abbreviate. In our example: Amersfoort
Organization: The full legal name of your organization including the corporate identifier. Our example: Rapid Web Service EMEA b.v.
Organization Unit (OU): Your department such as 'Information Technology' or ‘Website Security.’, this is not a mandatory field, you can leave it blank
Common Name: For code signing CSR files, you will need to add the same as you entered with Organization. Our Example: Rapid Web Services EMEA b.v.
Note: You are not required to enter a password or passphrase. This optional field is for applying additional security to your key pair.
This is what our example CSR looks like:
Locate and open the newly created CSR in a text editor such as Notepad and copy all the text including: Our example: server.csr
-----BEGIN CERTIFICATE REQUEST-----And
-----END CERTIFICATE REQUEST-----
Note 1: Your CSR should be saved in the user folder as were you started after opening the Win64 OpenSSL Command Prompt app.
In the example we used the c:\codesigning\ folder to store the CSR and Private key files.
Note 2: We recommend saving or backing up your newly generate “.key” file as this will be required when you want to sign any applications or code.
Return to the Order Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process.