How to Use OpenSSL to Create a CSR (Certificate Signing Request) Under Windows Operating System

March 5, 2017


The following post provide instructions how to use OpenSSL to create a CSR (Certificate Signing Request) under Windows OS (Operating System).


1. Download the latest (Light) OpenSSL version from the following link.

Note:  Win32 OpenSSL or Win64 OpenSSL edition can be used.

2. Install the ‘Win32 OpenSSL v1.0.2k Light.exe’ or ‘Win64OpenSSL_Light-1_0_2k.exe’ by using the default installation settings or customize the installation target.

3. Verify that the installation process was succeed.


CSR (Certificate Signing Request)

1. Set ‘OPENSSL_CONF’ environment variable:

For Win32 OpenSSL:

set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg  

For Win64 OpenSSL:

set OPENSSL_CONF=c:\OpenSSL-Win64\bin\openssl.cfg  

2. Navigate to ‘c:\OpenSSL-Win32’ or ‘c:\OpenSSL-Win64’.

3. Initiate the following command:

Option 1:  Key Algorithm –  RSA and Key Size – 2048 bits:

openssl req -new -newkey rsa:2048-nodes -out myservername_mydomainname_local.csr -keyout myservername_mydomainname_local.key -subj “/C=US/ST=05/L=MyCityName/O=MyOrganizationName/OU=IT/CN=myservername.mydomainname.local”

Option 2:  Key Algorithm –  RSA and Key Size – 4096 bits:

openssl req -new -newkey rsa:4096 -nodes -out myservername_mydomainname_local.csr -keyout myservername_mydomainname_local.key -subj “/C=US/ST=05/L=MyCityName/O=MyOrganizationName/OU=IT/CN=myservername.mydomainname.local”

Option 3:  Key Algorithm and Key Size: P-256 (elliptic curve ):

openssl ecparam -out myservername_mydomainname_local.pkey -name prime256v1 -genkey && openssl req -new -key myservername_mydomainname_local.pkey -nodes -out myservername_mydomainname_local.csr -subj “/C=US/ST=05/L=MyCityName/O=MyOrganizationName/OU=IT/CN=myservername.mydomainname.local”

5. OpenSSL creates both your private key and your certificate signing request, and saves them to two files: .key, and .csr .

Add comment
facebook linkedin twitter email

Leave a Reply