SSL CertificatesTrust solutions
New OrderOrder My accountAccount Support
GOGETSSL CLOUD CODE SIGNING CERTIFICATE
354.17$ Starting at
Check Offer
  • No hardware tokens/HSMs
  • No shipping = no delays
  • Integrate with cloud platforms
  • 1000 signings, one user seat
VULNERABILITY SCANNER WITHOUT COMPROMISES
25.00$ Basic Quick-Scan
Check Offer
  • OWASP Top 10 Scanning
  • Multi Page Web Applications
  • REST API & JavaScript Scan
  • Set it up in minutes
NEW FLEX SSL FEATURE AVAILABLE
72.00$ Starting at
Check Offer
  • Protect up to 250 domains
  • Wildcard domains
  • Single and sub-domains
  • Public IP addresses
ROBUST AND MODERN WAY TO IDENTIFY COMPANY
49.00$ Billed annually
Check Offer
  • Registered companies
  • Non Profit, Funds and Trusts
  • Government entities
  • Sole Proprietors/Individuals
Home Wiki CSR / SSL Generation How To Generate CSR without Common name

How To Generate CSR without Common name

  • The current CSR generation guide will help you to generate a Certificate Signing Request (CSR) without a mandatory common name (CN) using Nginx (OpenSSL). The CSR without CN is a must rule to generate GoGetSSL™ Public IP SAN. That is a very custom product allowing to protect public IP addresses with the domain validation process. Most devices force the install SSL with Primary domain as Public IP address, without any FQDN (Fully Qualified Domain name).

    • 1

      Step 1: Login to your server

      Log into your server using an SSH connection to open a terminal window. No SSH connection needed if you work locally, just press CTRL+ALT+T or CTRL+ALT+F1 to open a terminal window on most Linux systems.

    • 2

      Step 2: CSR and Private key creation

      Please run the command below to start the generation. Replace "new" with your actual public IP without any DOTS or simply use any custom name you want.

      openssl req -new -newkey rsa:2048 -nodes -keyout new.key -out new.csr

      We suggest generating new Private Key for every new CSR code. The description of commands:

      • openssl – activates the OpenSSL softwarereq – indicator, that we need CSR code;
      • –new –newkey – generate a new key;
      • rsa:2048 – generate a 2048-bit RSA mathematical key;
      • –nodes – no DES, meaning do not encrypt the private key in a PKCS#12 file;
      • –keyout – indicates the domain you’re generating a key for;
      • –out – specifies the name of the file your CSR will be saved as;

      Note: we suggest to use classical 2048-bit key pairs. More secure 4096-bit key requers more server resources. Alternatively, use the ECC algorithm.

    • 3

      Step 3: Submit CSR details

      Follow the process and submit all details.

      • Common Name: "KEEP EMPTY"
      • Organization: None, or any other name;
      • Organization Unit (OU): IT, Security or any other;
      • City or Locality: Submit your city;
      • State or Province: Submit your State, Region, Province;
      • Country: ISO-2 country code, like US, LV, RU, CN, make sure it is allowed country;

      Note: Do not submit any key phrase, it will prevent the SSL generation process.

    • 4

      Step 4: Locate CSR file

      You will be able to find the CSR file in working directory once the software finished the process of generation. An alternative command to list out all CSRs on your system.

      ls *.csr
    • 5

      Step 5: Opening CSR in the console (optional)

      You can open the generated .csr file in the editor using the command below.

      sudo nano new.csr
    • *

      Example code

      You can open the generated .csr file in the editor using the command below.

      openssl req -out new.csr -new -newkey rsa:2048 -nodes -keyout new.key
    Generating a 2048 bit RSA private key
    writing new private key to 'new.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
    Country Name (2 letter code) []:LV
    State or Province Name (full name) []:Rigas
    Locality Name (eg, city) []:Rigas
    Organization  (eg, company) []:None
    Organizational Unit Name (eg, section) []:IT
    Common Name (eg, fully qualified host name) []:
    Email Address []:test@test.tld

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:

    • Conclusion

      That steps are mandatory in order to purchase and order Public IP SSL. You can use that manual to generate classical CSR, just submit Common name.

Back to SSL Wiki

Similar articles from General Questions

Fast Issuance within 3-5 minutes

Get a Domain Validation SSL certificate within just 5 minutes using our friendly and automated system. No paperwork, callback or company required.

Price Match 100% Guarantee

Found a better price? We will match it - guaranteed. Get the best possible price in the World with us. The correct place to save your money.

Free SSL 90-day for free

Try 90-day Trial SSL Certificate before the real purchase to test cert's functionality. 99.9% browser and mobile support. Free reissues.

Money Back 30-day guarantee

Customer satisfaction is our major concern. Get a full refund within 30 days for any purchase of SSL certificates with 100% guarantee.

Speed up SSL issuance

GoGetSSL® offers fastest issuance of SSL due to use of LEI code and API automation. Legal Entity Identifier (LEI) is a global identity code, just like DUNS. Learn how LEI works.

$62.00
LEI Registration
1,422,468+Total LEIs issued
224+Jurisdictions supported
OperaExplorerFirefoxSafariChrome
SSL Supported by 99.6% of browsers and Mobile Devices
Wire
Transfer
© 2009-2024 Copyright Digicert Ireland Limited. All Rights reserved