- Create a file in the folder (named custom.cnf in the commands below) with the following content, changing the values to the ones you require:
[req]
distinguished_name = req_distinguished_name
req_extensions = SAN
prompt = no
[req_distinguished_name]
C = US
ST = VA
L = SomeCity
O = MyCompany
OU = MyDivision
CN = csrexample.local
emailAddress = [email protected]
[SAN]
subjectAltName = @alt_names
[alt_names]
DNS.1 = csrexample.local
DNS.2 = csrexample
- Generating the Certificate Signing Request:
- Execute the following command to generate the CSR if you already have a key file:
$ openssl req -new -out <signingrequest.csr> -key <keyfile> -nodes -config custom.cnf
- Execute the following command to generate the CSR and a key file (-nodes writes the private key unencrypted, so restrict access to that file):
$ openssl req -out <signingrequest.csr> -newkey rsa:2048 -nodes -keyout <keyfile> -config custom.cnf
- Verify the data in the CSR:
$ openssl req -noout -text -in <signingrequest.csr>
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = US, ST = VA, L = SomeCity, O = MyCompany, OU = MyDivision, CN = csrexample.local, emailAddress = [email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
(REDACTED)
Exponent: (REDACTED) ((REDACTED))
Attributes:
Requested Extensions:
X509v3 Subject Alternative Name:
DNS:csrexample.local, DNS:csrexample
Signature Algorithm: sha256WithRSAEncryption
(REDACTED)
- Move the CSR to a server with access to the CA.
- Execute the PowerShell command to get the list of available templates:
Get-CATemplate
- Generate the certificate (example with the WebServer template):
certreq -attrib "CertificateTemplate:WebServer" <signingrequest.csr> <outputcertificate.cer>
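
A check worth running before the CSR is moved to the CA server, as an added example that is not part of the original page: it builds the request from the config above and confirms that the self-signature verifies and that the SAN list is exactly what was intended. The file names server.key and request.csr and the function names are assumptions, and emailAddress is left out of the sample config.

```shell
#!/bin/sh
# Added example (not from the original page). File and function names are
# assumptions; the config values are the page's samples, emailAddress omitted.

# Write custom.cnf into directory $1 and create a new key and CSR from it.
make_csr() {
    dir=$1
    cat > "$dir/custom.cnf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = SAN
prompt = no
[req_distinguished_name]
C = US
ST = VA
L = SomeCity
O = MyCompany
OU = MyDivision
CN = csrexample.local
[SAN]
subjectAltName = @alt_names
[alt_names]
DNS.1 = csrexample.local
DNS.2 = csrexample
EOF
    # -nodes leaves the key unencrypted, so create it readable by the owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/server.key" \
          -out "$dir/request.csr" -config "$dir/custom.cnf" )
}

# Print the DNS names from the CSR's subjectAltName, sorted, one per line.
csr_dns_sans() {
    openssl req -noout -text -in "$1" |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | sort
}

# check_csr FILE NAME...: succeed only if the CSR's self-signature verifies
# and its DNS SAN set is exactly the given names (no missing or extra entries).
check_csr() {
    csr=$1; shift
    openssl req -noout -verify -in "$csr" 2>&1 | grep -q 'verify OK' || return 1
    [ "$(csr_dns_sans "$csr")" = "$(printf '%s\n' "$@" | sort)" ]
}

tmp=$(mktemp -d)
make_csr "$tmp" && check_csr "$tmp/request.csr" csrexample.local csrexample &&
    echo "CSR OK: $(csr_dns_sans "$tmp/request.csr" | tr '\n' ' ')"
```

A CSR generated without the req_extensions = SAN line in [req] yields an empty SAN list and fails check_csr.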