How to properly generate a .csr file

During my short IT-career, I have dealt with alot people who struggle with generating a .csr file (certificate signing request) on Linux. Windows (especially IIS) have a more clearer approach so that can most of the people figure out by themselves without having to ask to many questions :)

The following example generates a .csr and a .key file for the Company “Company Name”, located in some country in the city “City”. Just replace the variables to your liking.
COUNTRY=2 letter country code
ORG="Company Name"

openssl req -utf8 -nameopt multiline,utf8 -new -newkey rsa:2048 -nodes -sha256 -out $DOMAIN.csr -keyout $DOMAIN.key -subj "/C=${COUNTRY}/ST=${STATE}/L=${CITY}/O=${ORG}/OU=IT/CN=$DOMAIN"

Sometimes, you do want to generare a .csr file that includes two or more domains – a SAN certificate. Using the same variable as above, we can now add more CN's to the .csr:

openssl req -utf8 -nameopt multiline,utf8 -new -newkey rsa:2048 -nodes -sha256 -out $DOMAIN.csr -keyout $DOMAIN.key -subj "/C=${COUNTRY}/ST=${STATE}/L=${CITY}/O=${ORG}/OU=IT/CN=$DOMAIN" -config <(
cat <<-EOF
default_bits = 2048
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
[ req_ext ]
subjectAltName = @alt_names
DNS.1 =
DNS.2 =
DNS.3 =
DNS.3 =
DNS.3 =
DNS.3 =
DNS.3 =
DNS.3 =

I hope this can prevent some headache for one or two :)

#linux #openssl #csr #ssl #tls #certificate