1

Hi All

I want to generate csr for a web url, lets say the url is https://test1.mydomain.com . i have installed openssl.
can i give the same name for CN and DNS.1 in the below cnf file. Please validate the below steps and let me know if this the correct approach

[req]
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req
default_md = sha256

[req_distinguished_name]
C = US
ST = ABC
L = XYZ
O = My Company
CN = test1.mydomain.com

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = test1.mydomain.com

i have saved the above file as url.com.cnf under c:\temp.

a.To make CSR file:
openssl req -new -out “C:\temp\url.com.csr” -newkey rsa:2048 -nodes -sha256 -keyout “C:\temp\url.com.key.temp” -config “C:\temp\url.com.cnf”

b. To verify CSR file:
openssl req -text -noout -verify -in “C:\temp\url.com.csr”

c. To create Key File:
openssl rsa -in “C:\temp\url.com.key.temp” -out “C:\temp\url.com.key”

d. To make pfx after getting the cer file
openssl pkcs12 -export -out “C:\temp\url.com.pfx” -inkey “C:\temp\url.com.key” -in “C:\temp\url.com.crt”

7 Spice ups
2

If its an external 3rd ssl then all you need is a wildcard ssl. So *.domain.com

3

If you are doing this in windows, generate the CSR from within IIS, it’s simpler for you.

Yes you can use the same name for CN and DNS