Generate certificate signing request (CSR)/DKIM

Before ordering an SSL certificate, you need to generate a CSR.

openssl genrsa -out 2048

openssl req -new -sha256 -key -out ~/

by one command:

openssl req -new -newkey rsa:2048 -nodes -keyout NAME.key -out NAME.csr

Common Name The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL, then your CSR’s common name must be If you plan to get a wildcard certificate, make sure to prefix your domain name with an asterisk, for example: *
Organization Name The exact legal name of your organization. Do not abbreviate your organization name.
Organizational Unit Section of the organization. IT
City or Locality The city where your organization is legally located. Wellesley Hills
State or Province The state or province where your organization is legally located. Do not use an abbreviation. Massachusetts
Country The two-letter ISO abbreviation for your country. US

openssl req -in mycsr.csr -noout -text - show request

To generate a DKIM key with openssl, do the following – this will generate you a 1024 bit DKIM key:

openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key

Your generated public key will remind something like below: