Generate CSR requests using openssl.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
AJ ONeal e67bb57d89 add pem header / footer 2 years ago
CSR-RSA add pem header / footer 2 years ago
config Demo for how to get CSR requests for RSA or ECDSA keys without any organizational info for analysis. 2 years ago
README.md start EC work 2 years ago

README.md

Using a RSA Key

Generate a RSA private key:

openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048

# or
openssl genrsa -out private.pem 2048 -pubout public.pem

Generate the public key from the private key:

openssl rsa -pubout -in private_key.pem -out public_key.pem

Using a ECDSA Key

Generate a ECDSA (EC P-256) private key:

openssl ecparam -genkey -name prime256v1 -noout -out privateec.pem

Generate the public key from the private key:

openssl ec -in privateec.pem -pubout -out publicec.pem

Creating the CSR Request

You can generate a CSR request like this: (replacing example.com and www.example.com with your own stuff)

openssl req -key ../private-rsa.pem -new -nodes \
     -config <(printf "[req]
      prompt = no
      req_extensions = req_ext
      distinguished_name = dn

      [ dn ]
      CN = example.com

      [ req_ext ]
      subjectAltName = @alt_names

      [ alt_names ]
      DNS.1 = example.com
      DNS.2 = www.example.com") \
     -out example.com.csr

The printf line contains a comma separated list of alternate names equal to subjectAltName= like this:

subjectAltName=DNS:name,DNS:name2,DNS:name3

That's it. You've got a CSR request.

Using a config file

If you want to do it the way I did initially, you'll need a configuration file and follow the directions below.

Setup the config file like this:

[req]
prompt = no
req_extensions = req_ext
distinguished_name = dn

[ dn ]
CN = example.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = example.com
DNS.2 = www.example.com

Generate a CSR request for any key:

openssl req -key private_key.pem -new -nodes -out example.com.csr -config conf-example.com