OpenSSL CSR Cookbook


The Most Common Usage

Making a CSR for www.ballersbank.com and ballersbank.com. using the openssl command on ubuntu or any other kind of linux.

openssl req -new -newkey rsa:2048 -nodes -out mycert.csr -keyout myprivate.key -subj "/C=US/ST=CA/L=Irvine/O=Ballers Bank of Amerika/OU=IT Dept/CN=www.ballersbank.com"

A CSR With Multiple SAN

first thing to do is to make a file called san.cnf with the following, for example

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
countryName                = US
stateOrProvinceName        = CA
localityName               = Irvine
organizationName           = Ballers Bank of Amerika
commonName                 = ballersbank.com
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1   = services.ballersbank.com
DNS.2   = banking.ballersbank.com
DNS.3   = savings.ballersbank.com
DNS.4   = loans.ballersbank.com

then run this command:
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
Enter the values when prompted, including US, CA, IRVINE, BALLERS BANK, etc. or you will get this message "error, no objects specified in config file"

Finally Check your CSR with this command:
openssl req -noout -text -in sslcert.csr | grep DNS


Comments

Popular posts from this blog

Microsoft Visio 2010 Premium Product Keys

Fix: The Diagnostic Service Host service failed to start due to the following error. [ solved, no kidding ]

Mercedes Benz Diesel CDI EGR Emulator Circuit Diagrams