openssl – Generate a CSR

This command generates a private key and a csr. You can submit the csr to a CA to get the leaf certificate.

openssl req -newkey rsa:2048 -nodes \
  -out myhostname.csr -config myopenssl.cnf

For this, a config file is needed. Fill it up with details like this:

######################################################################################
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = myhostname.pem
distinguished_name = req_distinguished_name
prompt = no
req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
C=IN
ST=Karnataka
L=Bangalore
O=None
OU=None
CN=arunsr.in
[ v3_req ]
subjectAltName = @alternate_names
keyUsage = digitalSignature, keyEncipherment
[ alternate_names ]
DNS.1 = www.arunsr.in
DNS.2 = blog.arunsr.in
#######################################################################################

Leave a Reply