melvinlee/generatecsr.md

Created August 29, 2019 02:19

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/melvinlee/caf50dc9a67fa4484b4cf1ebd66bb9fd.js"></script>
Save melvinlee/caf50dc9a67fa4484b4cf1ebd66bb9fd to your computer and use it in GitHub Desktop.

Download ZIP

PKI

Raw

generatecsr.md

PKI

How to Generate Private Key

File parameters to be updated. fileName is file’s name keyPassword is the API Key password

export filename=mykey

Generate new PKI key pair, with 2048 key encryption

openssl genrsa -out ${filename}.key 2048

How to Generate CSR

export keyname=mykey
export fileName=mycsr
export commonName="www.example.com" 
export organizationUnit="MyOrg"
export organizationName="myDepartment" 
export localityName="Singapore"
export stateName="Singapore"
export subjectAlternataiveName1="www.example.com"
export subjectAlternataiveName2="api.example.com"

Generate Certificate Signing Request

openssl req -new \
-key ${keyname}.key \
-out ${fileName}.csr \
-sha256 -subj "/CN=${commonName}/OU=${organizationUnit}/O=${organizationName}/L=${localityName}/ST=${stateName}/C=SG" \
-reqexts SAN \
-config <(cat /etc/ssl/openssl.cnf \
        <(printf "\n[SAN]\nsubjectAltName=DNS:${subjectAlternataiveName1},DNS:${subjectAlternataiveName2}")) \

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment