Create CSR

Prev Next

Available in Classic and VPC

Note

When NAVER Cloud's Advanced certificate is issued, the certificate is created based on the latest verified organization information from the Organizations menu, regardless of the organization information (O, L, ST, etc.) in the CSR you submitted. This allows you to create a CSR without the hassle of matching all the details.

You must provide a CSR when issuing or reissuing an advanced certificate. This document explains how to create a CSR using OpenSSL.

CSR definition

To obtain an SSL/TLS certificate, you need a Certificate Signing Request (CSR) file. A CSR is a file that contains the public key and owner information to be included in the certificate.

1. CSR and information reflection principles

Advanced certificates separate the sources of information included in certificates as follows to ensure data integrity and accuracy:

  • Technical specifications (public key and algorithm): Extracted and reflected from the CSR file you submit.
  • Domain information (CN/SAN): Reflects the domain information you enter during certificate request and validated through Domain Control Validation (DCV).
  • Organization information (organization name, address, etc.): Reflects the official information pre-validated in the Organizations menu.

Through this unified data source approach, you can create a CSR without needing to match complex information, and obtain certificates quickly without rejection due to input errors.

2. How to create a CSR

Both DV and OV certificates can be created using the simplified command below. Regardless of the organization information entered in the CSR, the final certificate includes the validated official information.
Enter the following command as a single line in the terminal or command prompt. This will create a private key file (example.com.key) and a CSR file (example.com.csr).

openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr -subj "/CN=example.com"
  • Replace CN=example.com with the actual domain where the certificate will be applied.
Note

According to the information reflection principles described above, this value is automatically replaced with the validated domain information during issuance. However, we recommend entering the actual domain name for smooth command execution and easier file identification.

  • Other information: Details such as Country (C), State (ST), Locality (L), and Organization (O) can be omitted or set to arbitrary values. They are automatically set to pre-validated information during issuance.
  • new: Creates a new CSR.
  • newkey rsa:2048: Creates a new 2048-bit RSA private key.
  • nodes: Does not encrypt the created private key.
  • keyout example.com.key: Sets the file name for the created private key.
Caution

The private key file must never be exposed externally. You must handle it with care, and reissue the certificate if the file is leaked or lost.

  • out example.com.csr: Sets the file name for the created CSR.
  • subj "/CN=example.com": Specifies the domain information (CN) to include in the CSR.

3. Enter the created CSR file

  1. Open the created .csr file in a text editor.
  2. Copy the content from -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST----- and paste it into the CSR input field in the "Enter CSR" step.