Finding info from a Certificate Signing Request (CSR)

I have recently inherited many web sites in my new job. I had the task of renewing the SSL for one of these sites. This is my first foray into LAMP based setup with no control panel. The SSL was on auto renew so I got the email from GoDaddy indicating it was renewed. I still needed to get the CRT and install it on the server. In the process I was prompted to use the previous CSR. I thought heck yeah. One less thing to figure out how to do. I was able to download my needed files and was ready to go but I thought I should read up on this bit more as I’ve never did an SSL in a LAMP environment.

Turns out that the CSR might contain a Passphrase. If it did and I don’t have access to the correct passphrase the site will not start up. Not good.

It looks like my option was to go to the GoDaddy site and Re-key the CSR. Another problem was that since I just started here I might not know the particulars of the CSR such as Organization (the company has merged with others so just using the one that employed me not work).

I came across this command to use with OpenSSL, the program used for Linux based SSL setup, to find info about the CSR.
openssl req -text -noout -verify -in namedomain.com.csr
There is also this handy web tool. http://www.sslshopper.com/csr-decoder.html

This provides the Common Name: Organization: Locality: State: Country: etc.

Leave Comment

Your email address will not be published. Required fields are marked *