Because I won’t remember this in a few weeks time I will just document how to get a basic CSR in Linux with OpenSSL.
Let’s create a certificate template with all necessary fields
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
$ cat openssl.cnf req_extensions = v3_req distinguished_name = req_distinguished_name prompt = no [req_distinguished_name] C = US ST = OH L = Richfield O = Example Inc. OU = RnD CN = lab-srv01.lab.local [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage=serverAuth,clientAuth subjectAltName = @alt_names [alt_names] DNS.1 = lab-srv01.lab.local IP.1 = 172.16.1.1 IP.2 = 172.16.1.2 |
Now we need the RSA key
1 |
openssl genrsa -out csr.key 4096 |
With this key and the template we create the CSR
1 |
openssl req -config openssl.cnf -new -key csr.key -out myserver.csr |
And because we love security let’s encrypt the private key
1 |
openssl pkcs8 -v1 PBE-SHA1-3DES -topk8 -in key.pem -out encrypted_key.pem |