OpenSSL Generating a Certificate Signing Request: Difference between revisions
(7 intermediate revisions by the same user not shown) | |||
Line 12: | Line 12: | ||
# For Apache purposes, use the key with no pass phrase to generate the CSR file. | # For Apache purposes, use the key with no pass phrase to generate the CSR file. | ||
# Create a config file to be configured with the multiple subdomains. | # Create a config file to be configured with the multiple subdomains. | ||
#: <tt>'''cat << EOL >> <config_file>.cnf'''</tt> | #: <tt>'''# cat << EOL >> <config_file>.cnf'''</tt> | ||
[ req ] | |||
default_bits = 2048 | |||
default_keyfile = <private_key>.key | |||
distinguished_name = req_distinguished_name | |||
req_extensions = req_ext | |||
[ req_distinguished_name ] | |||
countryName = Country Name (2 letter code) | |||
countryName_default = US | |||
stateOrProvinceName = State or Province Name (full name) | |||
stateOrProvinceName_default = New York | |||
localityName = Locality Name (eg, city) | |||
localityName_default = New York | |||
organizationName = Organization Name (eg, company) | |||
organizationName_default = Example | |||
commonName = Common Name (e.g. server FQDN or YOUR name) | |||
commonName_max = 64 | |||
[ req_ext ] | |||
subjectAltName = @alt_names | |||
[alt_names] | |||
DNS.1 = <domain>.com | |||
DNS.2 = www.<domain>.com | |||
DNS.3 = *.<domain>.com | |||
EOL | |||
# Generate the CSR from the private key using openssl. | # Generate the CSR from the private key using openssl. | ||
#: <tt>'''# openssl req -new - | #: <tt>'''# openssl req -new -config <config_file>.cnf -out <csr_name>.csr'''</tt> | ||
# Enter the information as required by the prompts. | # Enter the information as required by the prompts. | ||
# Verify the checksum of the key matches the checksum CSR. | # Verify the checksum of the key matches the checksum CSR. | ||
#: <tt>'''# openssl req -noout -modulus -in <csr_name>.csr | openssl md5'''</tt> | #: <tt>'''# openssl req -noout -modulus -in <csr_name>.csr | openssl md5'''</tt> | ||
# Review the contents of the certificate singing request (CSR). | |||
#: <tt>'''openssl req -noout -text -in <csr_name>.csr'''</tt> | |||
== Further Reading == | == Further Reading == |
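Review bot: the new CSR command in the subjectAltName procedure, "openssl req -new -config <config_file>.cnf -out <csr_name>.csr", has no -key argument, so it does not use the existing key that the step text ("Generate the CSR from the private key") and the "key with no pass phrase" step call for. With only default_keyfile set in [ req ], openssl req -new generates a new key, writes it to <private_key>.key and prompts for a pass phrase to encrypt it. Suggest adding -key <private_key>.key to the command. Two smaller points: the here-document is written with >>, which appends to an existing <config_file>.cnf on a rerun, so > is safer; and "singing" in the added review step should be "signing".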
Latest revision as of 04:08, 15 November 2020
Generate the Certificate Signing Request (CSR)
Apache with mod_ssl Enabled (No subjectAltName)
- If required, follow the OpenSSL Generating a Private Key procedure.
- For Apache purposes, use the key with no pass phrase to generate the CSR file.
- Generate the CSR from the private key using openssl.
- # openssl req -new -key <key_name>.key -out <csr_name>.csr
- Enter the information as required by the prompts.
- Verify that the checksum of the key matches the checksum of the CSR.
- # openssl req -noout -modulus -in <csr_name>.csr | openssl md5
Apache with mod_ssl Enabled (With subjectAltName)
- If required, follow the OpenSSL Generating a Private Key procedure.
- For Apache purposes, use the key with no pass phrase to generate the CSR file.
- Create a config file that lists the multiple subdomains.
- # cat << EOL >> <config_file>.cnf
[ req ]
default_bits = 2048
default_keyfile = <private_key>.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = New York
localityName = Locality Name (eg, city)
localityName_default = New York
organizationName = Organization Name (eg, company)
organizationName_default = Example
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = <domain>.com
DNS.2 = www.<domain>.com
DNS.3 = *.<domain>.com
EOL
- Generate the CSR from the private key using openssl.
- # openssl req -new -key <private_key>.key -config <config_file>.cnf -out <csr_name>.csr
- Enter the information as required by the prompts.
- Verify that the checksum of the key matches the checksum of the CSR.
- # openssl req -noout -modulus -in <csr_name>.csr | openssl md5
- Review the contents of the certificate signing request (CSR).
- # openssl req -noout -text -in <csr_name>.csr
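An end-to-end run of the subjectAltName procedure and its two checks, added here as an example and not part of the original wiki page: it builds a throwaway key and CSR, compares the modulus digests of the key and the CSR, and lists the SAN entries the CSR carries. The file names, example.com and the helper function names are assumptions, and sha256 stands in for md5.

```sh
#!/bin/sh
# Added example. demo.key, demo.csr, san.cnf and example.com are constructed
# placeholders; sha256 is used here in place of the page's md5.
set -eu

# Digest of the RSA modulus in a private key / in a CSR.
key_digest() { openssl rsa -noout -modulus -in "$1" | openssl sha256; }
csr_digest() { openssl req -noout -modulus -in "$1" | openssl sha256; }

# Succeeds only when the CSR carries the public half of this key.
check_pair() { [ "$(key_digest "$1")" = "$(csr_digest "$2")" ]; }

# subjectAltName entries requested in the CSR, one per line.
csr_sans() { openssl req -noout -text -in "$1" | grep -o 'DNS:[^,[:space:]]*'; }

# Build a throwaway key, SAN config and CSR in directory $1.
build_demo() {
  openssl genrsa -out "$1/demo.key" 2048 2>/dev/null
  cat > "$1/san.cnf" <<EOL
[ req ]
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
commonName = Common Name (e.g. server FQDN or YOUR name)
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = example.com
DNS.2 = www.example.com
DNS.3 = *.example.com
EOL
  # -key reuses the existing key; -subj answers the prompts non-interactively.
  openssl req -new -key "$1/demo.key" -config "$1/san.cnf" \
    -subj "/C=US/ST=New York/L=New York/O=Example/CN=example.com" \
    -out "$1/demo.csr"
}

work=$(mktemp -d)
build_demo "$work"
if check_pair "$work/demo.key" "$work/demo.csr"; then
  echo "key and CSR match"
else
  echo "MISMATCH: CSR was not generated from this key" >&2
fi
csr_sans "$work/demo.csr"
rm -rf "$work"
```

A digest mismatch means the CSR was built from a different key than the one on disk, and a certificate issued for it will not load alongside that key in Apache.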