06 Jun 2010

Replace SSL Certificates: Step 2: Generate a new SSL Certificate Request

This article forms part of the Replacing vSphere SSL Certificates series.

Before you continue with the following procedure, ensure that you have completed Step 1: Prepare OpenSSL and Microsoft CS

We will be using OpenSSL to generate a new RSA key. We will then use this key to generate a new SSL Certificate Request that we can submit to the Microsoft Certificate Authority that we have created in Step 1.

 On the SSL Server that we have prepared in Step 1, Open a new command prompt window and change directory to the “C:\OpenSSL-Win32\bin” directory.


The "C:\OpenSSL-Win32\bin" directory holds all the files necessary to generate new SSL certificate requests. Openssl.exe should be used to generate the following two files:

  • rui.key  - A 1024-bit RSA key that we will use to generate a new SSL Certificate request file
  • rui.csr   - The .csr file contains the certificate request information that can be submitted to a SSL Certificate Authority in order to issue a new SSL Certificate.

First, lets' create a new key file. At the command prompt, type "openssl genrsa 1024 > rui.key" and press enter.


A new file called “rui.key” has now been created under “C:\OpenSSL-Win32\bin”. This file can now be used to generate a new certificate request file.

Now that the rui.key file has been created by OpenSSL, issue the following command at the prompt in order to generate a new certificate request file: “openssl req –new –key rui.key > rui.csr


OpenSSL will now request the following information that will be package into the certificate request file. This information will be used by the Certificate Authority to issue and sign a new SSL Certificate. 

Field Name Field Description
Country Name (2 letter code) Find your 2 letter country code here (Opens in a new window)
State or Province Name State/Province/County of the Organisation 
Locality Name (e.g. City) City (e.g. London)
Organization Name Enter your Company Name
Organizational Unit Name Enter your Department Name
Common Name Enter the FQDN of the server of which the certificate should be issued to
Email Address Email Address of Requestor
A challenge password Enter a Password
An optional company name Normally left blank


OpenSSL has now created a file called “rui.csr”. This file contains the request that needs to be submitted to a Certificate Authority in order to issue and sign a new SSL Certificate based on the information entered into the request.

 Continue to Step 3: Submit the new Certificate Request to a Certificate Authority 



Written by  0 comment
Last modified on Tuesday, 09 December 2014 15:09
Rate this item
(0 votes)

Comments (0)

There are no comments posted here yet

Leave your comments

Posting comment as a guest. Sign up or login to your account.
0 Characters
Attachments (0 / 3)
Share Your Location

When you start writing GraphQL queries with filters off the top of your head without even looking at the reference… https://t.co/AbqVRGr4S3
Follow Rynardt Spies on Twitter