Certificate Signing Request (CSR) - Creation (Linux)
This article has not been completed yet. However, it may already contain helpful information and has therefore been published at this stage.
CSR properties:
Field | Description |
---|---|
Common Name (CN) | The Fully Qualified Domain Name (FQDN), e.g. *.example.com, www.example.com, and mail.example.com. |
Organization (O) | The legal name of your organization. Do not abbreviate and include any suffixes, such as Inc., Corp., or LLC. |
Organizational Unit (OU) | The division of your organization handling the certificate. |
City/Locality (L) | The city where your organization is located. This shouldn’t be abbreviated. |
State/County/Region (S) | The state/region where your organization is located. This shouldn’t be abbreviated. |
Country (C) | The two-letter code for the country where your organization is located. |
Email Address | An email address used to contact your organization. |
# Checking Version
openssl version -a
# Installing OpenSSL
sudo apt install openssl
# CSR - Creation
sudo openssl req -new -newkey rsa:2048 -nodes -keyout <key-file>.key -out <csr-file>.csr
# The command creates two files: (1) .key and (2) .csr.
# Remove "-nodes" in a production environment. The option skips encryption
# of the private key, which is not recommended.
# CSR - Creation based on a Custom Config-File
sudo openssl req -new -newkey rsa:2048 -nodes -keyout <key-file>.key -out <csr-file>.csr -config server_cert.cnf
# The command creates two files: (1) .key and (2) .csr.
# Remove "-nodes" in a production environment. The option skips encryption
# of the private key, which is not recommended.
# Config-File Creation
nano server_cert.cnf
# Content server_cert.cnf
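# The [req] section tells "openssl req" which sections hold the subject
# fields and the requested extensions.
[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
[req_distinguished_name]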
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, your name or your server\'s hostname)
emailAddress = Email Address
[req_ext]
subjectAltName = @alt_names
[alt_names]
IP.1 = <IP>
DNS.1 = <FQDN>
# CSR - Verification
openssl req -text -in <csr-file-name>.csr -noout -verify
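The following is an added example, not part of the original article: it creates a CSR unattended from a config file with an encrypted private key (no "-nodes"), then checks the CSR before it is sent to a CA. The function names, www.example.test, 192.0.2.10, the subject values and the file names are constructed assumptions.

```shell
# Added example. www.example.test, 192.0.2.10 and all file names are constructed.

make_csr() {  # usage: make_csr <workdir> <fqdn> <ip> <passphrase-file>
  csr_dir=$1; csr_fqdn=$2; csr_ip=$3; csr_pass=$4
  cat > "$csr_dir/server_cert.cnf" <<EOF
[req]
prompt             = no
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[req_distinguished_name]
countryName      = DE
organizationName = Example Org
commonName       = $csr_fqdn
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = $csr_fqdn
IP.1  = $csr_ip
EOF
  # No -nodes: the key is encrypted with the passphrase read from the file.
  # umask 077 keeps the key file readable by its owner only.
  ( umask 077
    openssl req -new -newkey rsa:2048 -passout "file:$csr_pass" \
      -keyout "$csr_dir/server.key" -out "$csr_dir/server.csr" \
      -config "$csr_dir/server_cert.cnf" )
}

check_csr() {  # usage: check_csr <csr-file> <fqdn>; prints "ok" and returns 0 on success
  chk_csr=$1; chk_fqdn=$2
  # Self-signature check; match the message rather than the exit status.
  openssl req -in "$chk_csr" -noout -verify 2>&1 | grep -q 'verify OK' \
    || { echo "bad signature"; return 1; }
  chk_text=$(openssl req -in "$chk_csr" -noout -text)
  # The requested name must be in subjectAltName, not only in the CN.
  printf '%s\n' "$chk_text" | grep -qF "DNS:$chk_fqdn" \
    || { echo "SAN missing $chk_fqdn"; return 1; }
  printf '%s\n' "$chk_text" | grep -Eq 'Public-Key: \((2048|3072|4096) bit\)' \
    || { echo "unexpected key size"; return 1; }
  echo "ok"
}
```

With "prompt = no" the values in [req_distinguished_name] are used as the subject directly instead of as prompt texts.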