知識庫

在 Google Cloud 服務產生 CSR

Google Cloud Platform allows you to generate a CSR (Certificate Signing Request) using 'Google Cloud Shell' - the built-in Command Line Console that provides access to the cloud resources directly from a browser.

It is required to have a previously created project to access the Cloud Shell. It can be created from the 'IAM & Admin' area here. Once the project is created, Google Cloud Shell becomes available to you.

Google Cloud Shell can be activated using the 'Activate Google Cloud Shell' button at the top of the window:

googlecsr1

A new Cloud Shell session will be opened at the bottom of the window. By default, you will be located in the user's Home directory /home/user:

googlecsr2

Google Cloud Shell supports the OpenSSL toolkit which can be used for CSR generation. The steps to generate a CSR in Cloud Shell are:

- Run the following command to create Private Key and Certificate Signing request files (server.key and server.csr).
*To avoid further confusion, we recommend to replace 'server' in server.key and server.csr with the domain name the certificate will be issued for.

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Enter the following details using English alphanumeric symbols only:
Country Name
State or Province Name
Locality Name (city)
Organization Name (NA can be used)
Organizational Unit Name (NA can be used)
Common Name ( domain or subdomain name you wish to secure. I.e:, example.com or *.example.com for Wildcard certificates)
Email address

'A challenge password' and 'An optional company name' should be left empty - simply press 'Enter' to leave them unfilled.

Once all the requested information is provided, you will have two files generated in the current directory - *.csr and *.key.

The CSR file (*.csr) contains the code that should be used for activation. It should be used along with the header and footer which are: '-----BEGIN CERTIFICATE REQUEST---- and '-----END CERTIFICATE REQUEST----'.

Feel free to verify the generated CSR code using our tool: here

Note: Private Key code is essential for the certificate installation which will be performed *after* the certificate is activated and issued. Please make sure to save the Private Key file or move it to the directory where it can be easily located further. The file content is a block of code that starts with '-----BEGIN PRIVATE KEY-----' and ends with '-----END PRIVATE KEY-----'.