SearchSupportFree trial
Contact us

Knowledge Base

Knowledge BaseWebServer

ECC CSR Generation - Using OpenSSL

Updated on January 8, 2021

 

User-added image

Before generating an ECC CSR (Elliptic Curve Cryptography Certificate Signing Request) and ordering an ECC SSL Certificate form Sectigo, make sure that your environment is compatible with ECC SSL Certificates. For more information about Elliptic Curve Cryptography, see Elliptic Curve Cryptography ECC Explained.

Use the following instructions to generate the ECC CSR using OpenSSL.

 
 
Steps for generating a CSR using EC Key
 

  1. Use the following command to generate an ECC private key. 

    openssl ecparam -out private.key -name prime256v1 -genkey

    Where private.key is the private key filename. Make sure that you keep the file on your server, it is required for installing the certificate later on your server.

    Note:    Recommended ECC key size is 256-bit. If greater encryption strength is required, your other private key options are prime384v1 or prime521v1.

  2. Next, type the following command to generate a ECC certificate signing request (CSR):

    openssl req -new -key private.key -out server.csr

    Where server.csr is the filename which holds the CSR.

  3. Upon executing this command, you will be prompted to enter the following information:

    For fields that are not required, you can enter '.' and those fields will be left blank.

    Country Name (2 letter code) [AU]:Type the two letter code for the country where your company is legally located.
      
    State or Province Name (full name) [Some-State]:Type the name of the state or providence where your company is legally located.
      
    Locality Name (eg, city) [ ]:Type the name of the city where your company is legally located.
      
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Type your company’s legally registered name.
      
    Organizational Unit Name (eg, section) [ ]:Type the name of the department within your organization that you want to
     appear on the ECC SSL Certificate.
      
    Common Name (e.g. server FQDN) [ ]:Type the fully qualified domain name (i.e. www.example.com) for the site that
     you are securing.
     Note: If you are generating an Apache CSR for a Wildcard SSL Certificate,
     your common name should start with an asterisk (i.e. *.example.com).
      

  4. You have now generated a CSR using EC Key. You can open the CSR file using simple text editor. This can be submitted to Sectigo through your SSL Certificate order. Make sure that you include the header and footer -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags while submitting the CSR.

     

 
 
 

 

Need assistance?

Contact our team for help with your purchase or issuing your certificate.

Live chat

Click the button below or click "Chat with an Expert" to start chatting with us now!

Start chat

Call us today

United States
+1 888 266 6361
France
+33 3 66 72 95 95
Italy
+39 02 4792 1708
Spain
+34 900 838 451
Germany
+49 800 1002328
International
+1 914 732 844

Resources