OpenSSL CSR Cookbook

The Most Common Usage

Making a CSR for and using the openssl command on ubuntu or any other kind of linux.

openssl req -new -newkey rsa:2048 -nodes -out mycert.csr -keyout myprivate.key -subj "/C=US/ST=CA/L=Irvine/O=Ballers Bank of Amerika/OU=IT Dept/"

A CSR With Multiple SAN

first thing to do is to make a file called san.cnf with the following, for example

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
countryName                = US
stateOrProvinceName        = CA
localityName               = Irvine
organizationName           = Ballers Bank of Amerika
commonName                 =
[ req_ext ]
subjectAltName = @alt_names
DNS.1   =
DNS.2   =
DNS.3   =
DNS.4   =

then run this command:
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
Enter the values when prompted, including US, CA, IRVINE, BALLERS BANK, etc. or you will get this message "error, no objects specified in config file"

Finally Check your CSR with this command:
openssl req -noout -text -in sslcert.csr | grep DNS


Popular posts from this blog

Microsoft Visio 2010 Premium Product Keys

Fix: The Diagnostic Service Host service failed to start due to the following error. [ solved, no kidding ]

Mercedes Benz Diesel CDI EGR Emulator Circuit Diagrams