OpenSSL Generating a Certificate Signing Request: Difference between revisions
Line 15: | Line 15: | ||
#:<tt>'''[ req ]'''</tt> | #:<tt>'''[ req ]'''</tt> | ||
#:<tt>'''default_bits = 2048'''</tt> | #:<tt>'''default_bits = 2048'''</tt> | ||
#:<tt>'''default_keyfile = | #:<tt>'''default_keyfile = <private_key>.key'''</tt> | ||
#:<tt>'''distinguished_name = req_distinguished_name'''</tt> | #:<tt>'''distinguished_name = req_distinguished_name'''</tt> | ||
#:<tt>'''req_extensions = req_ext'''</tt> | #:<tt>'''req_extensions = req_ext'''</tt> | ||
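Review bot: `default_keyfile = <private_key>.key`, like `default_bits = 2048` above it, only applies when `openssl req` generates a new key. The procedure on this page builds the request from an existing key passed with `-key <key_name>.key`, so neither setting is used. Either drop both lines or state in the step that they are inert here, and align the placeholder with the `<key_name>` used in the command.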
Line 21: | Line 21: | ||
#:<tt>'''[ req_distinguished_name ]'''</tt> | #:<tt>'''[ req_distinguished_name ]'''</tt> | ||
#:<tt>'''countryName = Country Name (2 letter code)'''</tt> | #:<tt>'''countryName = Country Name (2 letter code)'''</tt> | ||
#:<tt>'''countryName_default = | #:<tt>'''countryName_default = US'''</tt> | ||
#:<tt>'''stateOrProvinceName = State or Province Name (full name)'''</tt> | #:<tt>'''stateOrProvinceName = State or Province Name (full name)'''</tt> | ||
#:<tt>'''stateOrProvinceName_default = | #:<tt>'''stateOrProvinceName_default = New York'''</tt> | ||
#:<tt>'''localityName = Locality Name (eg, city)'''</tt> | #:<tt>'''localityName = Locality Name (eg, city)'''</tt> | ||
#:<tt>'''localityName_default = | #:<tt>'''localityName_default = New York'''</tt> | ||
#:<tt>'''organizationName = Organization Name (eg, company)'''</tt> | #:<tt>'''organizationName = Organization Name (eg, company)'''</tt> | ||
#:<tt>'''organizationName_default = Example'''</tt> | #:<tt>'''organizationName_default = Example'''</tt> | ||
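Review bot: the new `_default` values (`US`, `New York`, `New York`) are concrete, while the other values this revision fills in are angle-bracket placeholders. A reader who presses Enter at the prompts gets these values in the CSR subject. Use placeholders in the same style, or add a sentence telling the reader to replace them.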
Line 33: | Line 33: | ||
#:<tt>'''[ req_ext ]'''</tt> | #:<tt>'''[ req_ext ]'''</tt> | ||
#:<tt>'''subjectAltName = @alt_names'''</tt> | #:<tt>'''subjectAltName = @alt_names'''</tt> | ||
#: | #: | ||
#:<tt>'''[alt_names]'''</tt> | #:<tt>'''[alt_names]'''</tt> | ||
#:<tt>'''DNS.1 = | #:<tt>'''DNS.1 = <domain>.com'''</tt> | ||
#:<tt>'''DNS.2 = www. | #:<tt>'''DNS.2 = www.<domain>.com'''</tt> | ||
#:<tt>'''DNS.3 = | #:<tt>'''DNS.3 = *.<domain>.com'''</tt> | ||
#:<tt>'''EOL'''</tt> | #:<tt>'''EOL'''</tt> | ||
# Generate the CSR from the private key using openssl. | # Generate the CSR from the private key using openssl. |
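Review bot: `subjectAltName = @alt_names` is only read if the CSR step that follows loads this file, so that step should name it explicitly with `-config <config_file>.cnf`; otherwise the request is built from the default configuration and carries no SAN entries. Separately, `DNS.3 = *.<domain>.com` already matches `www.<domain>.com`, so `DNS.2` is redundant, and the wildcard lets the resulting certificate serve any first-level subdomain; list it only if that is intended.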
Revision as of 03:56, 15 November 2020
Generate the Certificate Signing Request (CSR)
Apache with mod_ssl Enabled (No subjectAltName)
- If required, follow the OpenSSL Generating a Private Key procedure.
- For Apache purposes, use the key with no pass phrase to generate the CSR file.
- Generate the CSR from the private key using openssl.
- # openssl req -new -key <key_name>.key -out <csr_name>.csr
- Enter the information as required by the prompts.
- Verify that the checksum of the key matches the checksum of the CSR.
- # openssl req -noout -modulus -in <csr_name>.csr | openssl md5
Apache with mod_ssl Enabled (With subjectAltName)
- If required, follow the OpenSSL Generating a Private Key procedure.
- For Apache purposes, use the key with no pass phrase to generate the CSR file.
- Create a config file to be configured with the multiple subdomains.
- # cat << EOL >> <config_file>.cnf
  [ req ]
  default_bits = 2048
  default_keyfile = <private_key>.key
  distinguished_name = req_distinguished_name
  req_extensions = req_ext
  [ req_distinguished_name ]
  countryName = Country Name (2 letter code)
  countryName_default = US
  stateOrProvinceName = State or Province Name (full name)
  stateOrProvinceName_default = New York
  localityName = Locality Name (eg, city)
  localityName_default = New York
  organizationName = Organization Name (eg, company)
  organizationName_default = Example
  commonName = Common Name (e.g. server FQDN or YOUR name)
  commonName_max = 64
  [ req_ext ]
  subjectAltName = @alt_names
  [alt_names]
  DNS.1 = <domain>.com
  DNS.2 = www.<domain>.com
  DNS.3 = *.<domain>.com
  EOL
- Generate the CSR from the private key using openssl.
- # openssl req -new -key <key_name>.key -out <csr_name>.csr -config <config_file>.cnf
- Enter the information as required by the prompts.
- Verify that the checksum of the key matches the checksum of the CSR.
- # openssl req -noout -modulus -in <csr_name>.csr | openssl md5
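The verification step above, carried through for both sides, as an added example that is not part of the original page: it lists the subjectAltName entries that actually ended up in a CSR and compares the CSR modulus with the key modulus. The example.com names, the demo.* file names, the use of -subj to skip the prompts and the three function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example; example.com and the demo.* file names are constructed.

# Print the DNS names in a CSR's subjectAltName extension, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the RSA key ($1) and the CSR ($2) have the same modulus.
csr_matches_key() {
    kmod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 2
    cmod=$(openssl req -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$kmod" ] && [ "$kmod" = "$cmod" ]
}

# Build a throwaway key, config file and CSR in directory $1.
make_demo_csr() {
    openssl genrsa -out "$1/demo.key" 2048 2>/dev/null || return 1
    cat > "$1/demo.cnf" <<'EOL'
[ req ]
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
commonName = Common Name (e.g. server FQDN or YOUR name)
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = example.com
DNS.2 = www.example.com
DNS.3 = *.example.com
EOL
    # -subj answers the prompts; -config makes req read the req_ext section.
    openssl req -new -key "$1/demo.key" -subj "/CN=example.com" \
        -config "$1/demo.cnf" -out "$1/demo.csr"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT   # remove the throwaway key when the script ends
if make_demo_csr "$demo_dir"; then
    echo "SANs in CSR:"; csr_sans "$demo_dir/demo.csr"
    csr_matches_key "$demo_dir/demo.key" "$demo_dir/demo.csr" &&
        echo "key and CSR moduli match"
fi
```

An empty list from csr_sans on a CSR that should carry names means the request was built without reading the req_ext section.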