How to manually create a certificate request (CSR)


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » Apache Related Information
Top Level » SSL

How to manually create a certificate request (CSR)Last Modified: Dec 15, 2016, 4:41 pm
If you want to bypass all automated means for more control, you can create a bit key and certificate request using the following commands:

/usr/bin/openssl genrsa 4096 > private.key
/usr/bin/openssl req -new -key private.key

where you can replace 4096 if you want different size key.
The genrsa will ask you all information for the certificate.

Once created, you give the certificate request to a certificate authority.
They'll give you a new certificate, which you'd use with your private.key.



For a multi-domain certificate request, you'd create a config for the SubjectAltName entries, san.cfg.
Domain:
Country:
State:
City:
Company:
E-Mail:
Extra Domains

[ req ]
default_bits = 4096
default_keyfile = private.key
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no

[ req_distinguished_name ]
C = CA
ST = AB
L = St. Albert
O = JBMC-Software
CN = domain.com
emailAddress = my@email.com
[ req_attributes ]
[SAN]
subjectAltName=DNS:domain.com,DNS:www.domain.com,DNS:otherdomain.com,DNS:www.otherdomain.com

and alter the command slightly:

/usr/bin/openssl req -new -sha256 -key private.key -subj "/CN=domain.com" -reqexts SAN -config san.cfg

 
Related Helpfiles
Setting up DA with an SSL certificate
How to manually create a new self-signed shared server certificate
How to check the details of a certificate request

2003 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST