Generating Certificate Request with OpenSSL

Generating Certificate Request with New Key

To generate a certificate request with a new key:

$ openssl req \
    -new \
    -newkey rsa:2048 \
    -nodes \
    -keyout testuser.key \
    -subj "/UID=testuser/DC=example/DC=com" \
    -out testuser.csr

Generating Certificate Request with Existing Key

To generate a certificate request with an existing key:

$ openssl req \
    -new \
    -key testuser.key \
    -nodes \
    -subj "/UID=testuser/DC=example/DC=com" \
    -out testuser.csr

Generating Certificate Request with SAN Extension

To generate a certificate request with an empty subject and a SAN extension, specify the extension in a configuration file (e.g. sslserver.conf):

[req]
req_extensions     = req_ext

[req_ext]
subjectAltName     = @alt_names

[alt_names]
DNS.1              = www.example.com
DNS.2              = pki.example.com

then generate the certificate request as follows:

$ openssl req \
    -new \
    -newkey rsa:2048 \
    -nodes \
    -keyout sslserver.key \
    -subj "/" \
    -out sslserver.csr \
    -config sslserver.conf

Verifying Certificate Request

To verify the certificate request:

$ openssl req -text -noout -in <filename>

Tip	To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Generating Certificate Request with OpenSSL

Generating Certificate Request with New Key

Generating Certificate Request with Existing Key

Generating Certificate Request with SAN Extension

Verifying Certificate Request

Clone this wiki locally