SSL CertificatesTrust solutions
VULNERABILITY SCANNER WITHOUT COMPROMISES
15.00$ Basic Quick-Scan
  • OWASP Top 10 Scanning
  • Multi Page Web Applications
  • REST API & JavaScript Scan
  • Set it up in minutes
NEW FLEX SSL FEATURE AVAILABLE
44.00$ Starting at
  • Protect up to 250 domains
  • Wildcard domains
  • Single and sub-domains
  • Public IP addresses
ROBUST AND MODERN WAY TO IDENTIFY COMPANY
49.00$ Billed annually
  • Registered companies
  • Non Profit, Funds and Trusts
  • Government entities
  • Sole Proprietors/Individuals
Home Wiki CSR / SSL Generation How To Generate CSR without Common name

How To Generate CSR without Common name

  • The current CSR generation guide will help you to generate a Certificate Signing Request (CSR) without a mandatory common name (CN) using Nginx (OpenSSL). The CSR without CN is a must rule to generate GoGetSSL™ Public IP SAN. That is a very custom product allowing to protect public IP addresses with the domain validation process. Most devices force the install SSL with Primary domain as Public IP address, without any FQDN (Fully Qualified Domain name).

    • 1

      Step 1: Login to your server

      Log into your server using an SSH connection to open a terminal window. No SSH connection needed if you work locally, just press CTRL+ALT+T or CTRL+ALT+F1 to open a terminal window on most Linux systems.

    • 2

      Step 2: CSR and Private key creation

      Please run the command below to start the generation. Replace "new" with your actual public IP without any DOTS or simply use any custom name you want.

      openssl req -new -newkey rsa:2048 -nodes -keyout new.key -out new.csr
                                      

      We suggest generating new Private Key for every new CSR code. The description of commands:

      • openssl – activates the OpenSSL softwarereq – indicator, that we need CSR code;
      • –new –newkey – generate a new key;
      • rsa:2048 – generate a 2048-bit RSA mathematical key;
      • –nodes – no DES, meaning do not encrypt the private key in a PKCS#12 file;
      • –keyout – indicates the domain you’re generating a key for;
      • –out – specifies the name of the file your CSR will be saved as;

      Note: we suggest to use classical 2048-bit key pairs. More secure 4096-bit key requers more server resources. Alternatively, use the ECC algorithm.

    • 3

      Step 3: Submit CSR details

      Follow the process and submit all details.

      • Common Name: "KEEP EMPTY"
      • Organization: None, or any other name;
      • Organization Unit (OU): IT, Security or any other;
      • City or Locality: Submit your city;
      • State or Province: Submit your State, Region, Province;
      • Country: ISO-2 country code, like US, LV, RU, CN, make sure it is allowed country;

      Note: Do not submit any key phrase, it will prevent the SSL generation process.

    • 4

      Step 4: Locate CSR file

      You will be able to find the CSR file in working directory once the software finished the process of generation. An alternative command to list out all CSRs on your system.

      ls *.csr
                                      
    • 5

      Step 5: Opening CSR in the console (optional)

      You can open the generated .csr file in the editor using the command below.

      sudo nano new.csr
                                      
    • *

      Example code

      You can open the generated .csr file in the editor using the command below.

      openssl req -out new.csr -new -newkey rsa:2048 -nodes -keyout new.key
          Generating a 2048 bit RSA private key
          writing new private key to 'new.key'
      -----
      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      -----
          Country Name (2 letter code) []:LV
          State or Province Name (full name) []:Rigas
          Locality Name (eg, city) []:Rigas
          Organization  (eg, company) []:None
          Organizational Unit Name (eg, section) []:IT
          Common Name (eg, fully qualified host name) []:
          Email Address []:test@test.tld
      
      Please enter the following 'extra' attributes
      to be sent with your certificate request
      A challenge password []:
                                      
    • Conclusion

      That steps are mandatory in order to purchase and order Public IP SSL. You can use that manual to generate classical CSR, just submit Common name.

Fast Issuance within 3-5 minutes

Get a Domain Validation SSL certificate within just 5 minutes using our friendly and automated system. No paperwork, callback or company required.

Price Match 100% Guarantee

Found a better price? We will match it - guaranteed. Get the best possible price in the World with us. The correct place to save your money.

Free SSL 90-day for free

Try 90-day Trial SSL Certificate before the real purchase to test cert's functionality. 99.9% browser and mobile support. Free reissues.

Money Back 30-day guarantee

Customer satisfaction is our major concern. Get a full refund within 30 days for any purchase of SSL certificates with 100% guarantee.

Speed up SSL issuance

GoGetSSL® offers fastest issuance of SSL due to use of LEI code and API automation. Legal Entity Identifier (LEI) is a global identity code, just like DUNS. Learn how LEI works.

1,422,468+Total LEIs issued
224+Jurisdictions supported