Hi All

I want to generate a CSR, and the syntax below works fine for me for the URL (url1.contoso.com). I want to generate a CSR for two URLs in the same CSR, i.e. for url1.contoso.com & url2.contoso.com.
Please guide me with the syntax, as I am getting an error.

openssl req -new -subj "/C=Country/ST=State/L=Location/O=Contoso/CN=url1.contoso.com" -addext "subjectAltName = DNS:url1.contoso.com" -newkey rsa:2048 -keyout url.contoso.com-key.pem -out url.contoso.com.csr

openssl rsa -in url.contoso.com-key.pem -out url.contoso.com-key

12 Spice ups

To generate a CSR for a SAN certificate, this may be helpful:

certificates - Provide subjectAltName to openssl directly on the command line - Information Security Stack Exchange

DNS.1, DNS.2, etc. would be the correct syntax to address more FQDNs. The following example uses a configuration file to generate the CSR, but you should be familiar with the content; you are using more or less the same parameters in your command line.

https://www.ibm.com/docs/en/qsip/7.4?topic=sc-creating-multi-domain-san-ssl-certificate-signing-request
HTH Tom

1 Spice up

Hi,

You can just generate a wildcard CSR on your server, this will cover all subdomains/hosts.

HTH,

I would not recommend a wildcard certificate, because it is like a master key.

BTW: A correctly created wildcard certificate is also a SAN certificate:
*.domain.tld
domain.tld

:)

You’ve asked how to generate CSRs many times on here in the past, and my advice back then was to generate it via IIS/MMC on Windows if you are more familiar with it, complete the CSR and import it back into the Windows box.

You are then free to export it to PFX for Windows or cert/key for Apache.

Some of your previous requests above, may help.

2 Spice ups

I wrote up some instructions for creating SSL certificate requests and some tips, as I have to replace about 30 SSL certificates per year. This process is used for all SSL certificates, including Windows, Linux and other devices. I chose to use OpenSSL to create the request and convert the certificates. It’s fairly easy once you have the steps. I hope this helps someone:

Create a .cnf configuration file on your Linux workstation or PC with OpenSSL installed:
(Create a temporary folder, put the file in it, then run the commands below from that folder.)

Sample file below:
____________________________________________________________

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
C = US
ST = VA
L = YourTown
OU = Your Department
O = My Company
CN = host.company.com

[v3_req]
# digitalSignature is what a server certificate needs for ECDHE key exchange
# and TLS 1.3; dataEncipherment plays no role in TLS.
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = host.company.com
DNS.2 = host2.company.com

____________________________________________________________

Create Certificate Request with .cnf file specs:
openssl req -config host.company.com.cnf -newkey rsa:4096 -nodes -sha256 -keyout host.company.com.key -out host.company.com.csr

Check SAN Entries:
openssl req -noout -text -in host.company.com.csr | grep DNS

Process certificate request on DigiCert's website or with Windows Certificate Services and download the new certificate files.

Chain the Root and Intermediate certificates if needed:
Open the DigiCertCA.crt and the TrustedRoot.crt files with Notepad and add them to a new empty text file called certchain.txt
The Root certificate stays at the top of the text file and the intermediate certs can be added below.  Rename the file certchain.crt
This will help with the next section as you convert the certificates to a single PFX file.  (Not needed for most Linux certificates.)

Create Single PFX file with all certificates chained and a password:
openssl pkcs12 -export -out host.company.com.pfx -inkey host.company.com.key -in host.company.com.crt -certfile certchain.crt -name Host2023.company.com  (Give the PFX file a password.)

Copy the PFX, or the individual .crt, .key and root .crt files, to a temporary folder on your hard drive or on the server.
The Windows Servers and many devices will take a single PFX file with all certificates chained.  (Be sure to remember the password for the PFX file.)  
It is easy to import the single .pfx file to the local server Windows Certificate Store.

The Linux servers will usually want an individual ".key" file, an individual ".crt" file and the root ".crt" file.
Most of the time the "apache.conf" file specifies where the new files need to be located.

Try OpenSSL for this.

openssl req -new -subj "/C=Country/ST=State/L=Location/O=Contoso/CN=url1.contoso.com" -addext "subjectAltName = DNS:url1.contoso.com,DNS:url2.contoso.com" -newkey rsa:2048 -keyout url.contoso.com-key.pem -out url.contoso.com.csr
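Added example, not code from any post in this thread: a POSIX shell script that builds the same multi-SAN CSR both ways discussed above, the single `-addext` with a comma-separated list from the post just above and the `DNS.1`/`DNS.2` configuration-file route from the longer post earlier in the thread, and then performs the checks worth doing before the CSR goes to the CA: every requested host name is actually in the subjectAltName, the private key matches the CSR, and the CSR signature verifies. It assumes OpenSSL 1.1.1 or newer (`-addext` does not exist in 1.0.x) and uses the thread's contoso.com names as placeholders. One caveat the thread never spells out: the countryName field is limited to two characters, so a literal placeholder such as `C=Country` is rejected by `openssl req`; use an ISO country code.

```shell
#!/bin/sh
# Added example (not code from the thread). Builds a multi-SAN CSR two ways
# and checks the result before it goes to the CA. Requires OpenSSL >= 1.1.1
# for -addext. Host names are the thread's contoso.com placeholders.
set -eu

# Route 1: everything on the command line with a single -addext.
# Usage: gen_csr_addext <outbase> <host1> [host2 ...]
# The first host becomes the CN; every host is listed in subjectAltName.
gen_csr_addext() {
    base=$1; shift
    cn=$1
    san=""
    for h in "$@"; do
        san="${san:+$san,}DNS:$h"      # builds DNS:a,DNS:b,...
    done
    # countryName is limited to two characters: "C=Country" is rejected.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/C=US/ST=State/L=Location/O=Contoso/CN=$cn" \
        -addext "subjectAltName=$san" \
        -keyout "$base-key.pem" -out "$base.csr"
}

# Route 2: a generated .cnf with DNS.1, DNS.2, ... under [alt_names].
# Usage: gen_csr_cnf <outbase> <host1> [host2 ...]
gen_csr_cnf() {
    base=$1; shift
    cn=$1
    {
        printf '[req]\ndistinguished_name = dn\nreq_extensions = v3_req\nprompt = no\n'
        printf '[dn]\nC = US\nST = State\nL = Location\nO = Contoso\nCN = %s\n' "$cn"
        # digitalSignature is what an RSA server cert needs for ECDHE and TLS 1.3.
        printf '[v3_req]\nkeyUsage = digitalSignature, keyEncipherment\n'
        printf 'extendedKeyUsage = serverAuth\nsubjectAltName = @alt_names\n'
        printf '[alt_names]\n'
        i=1
        for h in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$h"
            i=$((i + 1))
        done
    } > "$base.cnf"
    openssl req -new -config "$base.cnf" -newkey rsa:2048 -nodes -sha256 \
        -keyout "$base-key.pem" -out "$base.csr"
}

# Print the DNS SANs found in a CSR, one per line.
csr_sans() {
    openssl req -noout -text -in "$1" | grep -o 'DNS:[^,]*' | sed 's/^DNS://'
}

# Succeed only if every host given is present in the CSR's SAN.
# Usage: csr_has_all <csr> <host1> [host2 ...]
csr_has_all() {
    found=$(csr_sans "$1"); shift
    for h in "$@"; do
        printf '%s\n' "$found" | grep -qxF "$h" || return 1
    done
}

# Succeed only if the private key and the CSR carry the same RSA modulus,
# i.e. the CSR really belongs to the key you are about to deploy.
# Usage: key_matches_csr <key.pem> <csr>
key_matches_csr() {
    k=$(openssl rsa -noout -modulus -in "$1")
    c=$(openssl req -noout -modulus -in "$2")
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Full demonstration when invoked as: sh thisscript.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    gen_csr_addext "$d/addext" url1.contoso.com url2.contoso.com
    gen_csr_cnf    "$d/cnf"    url1.contoso.com url2.contoso.com
    echo "SANs via -addext:"; csr_sans "$d/addext.csr"
    echo "SANs via .cnf:";    csr_sans "$d/cnf.csr"
    csr_has_all "$d/addext.csr" url1.contoso.com url2.contoso.com && echo "all SANs present"
    key_matches_csr "$d/addext-key.pem" "$d/addext.csr" && echo "key matches CSR"
    openssl req -noout -verify -in "$d/addext.csr"
fi
```

Both routes produce a CSR with an identical SAN list; the `-addext` route is the quick one for an ad-hoc request, while the .cnf route is easier to keep under version control and to reuse for the 30-a-year renewal cycle described above. Note that CAs generally set keyUsage and extendedKeyUsage themselves and only honour the DNS names from the request, so what matters for the thread's question is that `csr_sans` shows every host before you submit.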