This article demonstrates how to generate a CSR (certificate signing request) using OpenSSL. In the examples below, change the bold text to be correct for you.
Generate the key file:
openssl genrsa -out example.key 2048 && chmod 0600 example.key
Create the config file as “/etc/httpd/example.csr.conf:
[ req ] default_bits = 2048 default_keyfile = example.key distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = AU countryName_default = AU stateOrProvinceName = SA stateOrProvinceName_default = SA localityName = Adelaide localityName_default = Adelaide organizationName = ExampleCo organizationName_default = ExampleCo commonName = www.example.com commonName_max = 64 [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = www.example.com DNS.2 = www
Generate the CSR file:
openssl req -new -nodes -sha256 -config /etc/httpd/example.csr.conf -out example.csr
Output that file:
cat example.csr
Most of what you see here came from “https://www.lisenet.com/2015/create-a-subject-alternative-name-san-csr-with-openssl/”.
