How To Generate CSR without Common name

  • 663
Time to read article: 4 min

The current CSR generation guide will help you to generate a Certificate Signing Request (CSR) without a mandatory common name (CN) using Nginx (OpenSSL). The CSR without CN is a must rule to generate GoGetSSL™ Public IP SAN. That is a very custom product allowing to protect public IP addresses with the domain validation process. Most devices force the install SSL with Primary domain as Public IP address, without any FQDN (Fully Qualified Domain name).

Step 1: Login to your server

Log into your server using an SSH connection to open a terminal window. No SSH connection needed if you work locally, just press CTRL+ALT+T or CTRL+ALT+F1 to open a terminal window on most Linux systems.

Step 2: CSR and Private key creation

Please run the command below to start the generation. Replace "new" with your actual public IP without any DOTS or simply use any custom name you want.

openssl req -new -newkey rsa:2048 -nodes -keyout new.key -out new.csr

We suggest generating new Private Key for every new CSR code. The description of commands:

  • openssl – activates the OpenSSL softwarereq – indicator, that we need CSR code;
  • –new –newkey – generate a new key;
  • rsa:2048 – generate a 2048-bit RSA mathematical key;
  • –nodes – no DES, meaning do not encrypt the private key in a PKCS#12 file;
  • –keyout – indicates the domain you’re generating a key for;
  • –out – specifies the name of the file your CSR will be saved as;

Note: we suggest to use classical 2048-bit key pairs. More secure 4096-bit key requers more server resources. Alternatively, use the ECC algorithm.

Step 3: Submit CSR details

Follow the process and submit all details.

  • Common Name: "KEEP EMPTY"
  • Organization: None, or any other name;
  • Organization Unit (OU): IT, Security or any other;
  • City or Locality: Submit your city;
  • State or Province: Submit your State, Region, Province;
  • Country: ISO-2 country code, like US, LV, RU, CN, make sure it is allowed country;

Note: Do not submit any key phrase, it will prevent the SSL generation process.

Step 4: Locate CSR file

You will be able to find the CSR file in working directory once the software finished the process of generation. An alternative command to list out all CSRs on your system.

ls *.csr

Step 5: Opening CSR in the console (optional)

You can open the generated .csr file in the editor using the command below.

sudo nano new.csr

Example code

You can open the generated .csr file in the editor using the command below.

openssl req -out new.csr -new -newkey rsa:2048 -nodes -keyout new.key
    Generating a 2048 bit RSA private key
    writing new private key to 'new.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
    Country Name (2 letter code) []:LV
    State or Province Name (full name) []:Rigas
    Locality Name (eg, city) []:Rigas
    Organization  (eg, company) []:None
    Organizational Unit Name (eg, section) []:IT
    Common Name (eg, fully qualified host name) []:
    Email Address []:test@test.tld

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: