Menu Show

How to Generate a CSR on Node.js

Rate this article: 1 Star2 Stars3 Stars4 Stars5 Stars (8 votes, average: 4.25)

Node.js is a free open-source server environment that runs Javascript on the server. It works on various operating systems such as Windows, Linux, Unix, OS X, etc. and is commonly used for developing server-side web applications.

Certificate Signing Request (CSR) is an encoded message that contains details such as the public key of the domain/s for which the SSL certificate is applied for, contact details and/or digital signature. A CSR is sent from an applicant to a certificate authority as a part of the application process for obtaining a digital certificate.

The process of generating CSR on Node.js is very straightforward.

CSR Generation Process on Node.js

Step 1: OpenSSL

OpenSSL utility, which is generally included in modpack, is used for CSR generation on Node.js. It doesn’t require additional steps to install OpenSSL.  You can find OpenSSL in your modpack using this command: $ openssl.

In case OpenSSL is not included in the modpack by default, it can be downloaded with one of the following commands:

  • sudo apt-get install openssl
  • sudo yum install openssl
  • npm install openssl

Step 2: Generating a new CSR

The following commands are used to generate a new CSR and RSA private key:

openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

Step 3: File names

The CSR will be generated and stored in the domain.csr file and the private key will be generated and stored in the domain.key file. When running the command, you should change the names of these files and replace them with the domain name for which you are generating CSR. (Sometimes when different SSL certificates are installed for different domains, things become confusing. This is an optional step.)

Step 4: Filling out the CSR details

After having run the command, you will see prompts for these fields, which should be filled with alphanumeric characters only.

  1. Common name: A fully qualified domain name (FQDN), i.e. the domain name for which the SSL certificate needs to be issued for.
  • For example,

All SSL certificates cover both www and non-www version of the domain name (even a single domain SSL).

For Wildcard certificates, your domain name should be written with an asterisk. (*

  1. City
  1. State: full name of the state, county or region as per the company’s geographical location is located in.
  1. Country: Abbreviated ISO-compliant (two-letter) country code. For example, US, CA, NZ, UK, etc.
  1. Organization: Legally registered name of the organization. It is mandatory for Organization Validated (OV) and Extended validated (EV) certificates.

Write “NA” if

  • a certificate is for personal use
  • it is a Domain Validation certificate
  1. Organization Unit: Department name inside the organization. If the division includes symbols other than a period or comma, check with your certificate authority to confirm that they are acceptable.

Write “NA” if

  • a certificate is for personal use
  • it is a Domain Validation certificate
  • there are no departments in the company
  1. Email Address (optional) 
  1. Challenge Password: Challenge password is used to encrypt the private key which is generated with the CSR. This password may be required later to decrypt the private key during installation. This field is optional.

CSR code

The CSR code will be created in the domain.csr file. You can copy-paste it into a text editor.

CSR Node.Js

If it’s hard to find domain.csr file, you can find it with this command: sudo find / -iname “.csr.”

Once you have the CSR, it should be used for the SSL certificate installation.

—–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– are considered the header and footer of the CSR code. Whenever you send CSR to the certificate authority, include the header and footer into the code.

The private key

The private key generated will be created in the .key file. It contains the following header and footer:


The private key must be kept safe. Save it in a separate file on your computer. It will be necessary in the SSL certificate installation process on the server after your certificate authority issues the certificate.

Wildcard SSL Certificates

Comodo Wildcard Certificates – Save Up To 72%

Save a bunch when you buy your wildcard certificate direct. Get a Comodo Wildcard Certificate for less than $80 per year.
Compare Wildcard Certificates