Friday, October 19, 2018

How to generate a CSR certificate request

1. Generate private key:
openssl genrsa -out private.key 2048

2. Have cnf file in place - file.cnf:
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = XX
countryName_default = XX
stateOrProvinceName = xx xx
stateOrProvinceName_default = xxxxx
localityName = xxxxx
localityName_default = xxxxx
organizationName = XXXX
organizationName_default = XXXX
organizationalUnitName = XX
organizationalUnitName_default = XX
commonName = domain.com
commonName_default = domain.com
commonName_max = 64
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = domain1.com
DNS.2 = domain2.com

...

3. Generate the CSR:
openssl req -new -key private.key -out certrequest.csr -config file.cnf

No comments:

Post a Comment