{"id":1447,"date":"2021-04-20T07:58:00","date_gmt":"2021-04-19T19:58:00","guid":{"rendered":"https:\/\/www.ronella.xyz\/?p=1447"},"modified":"2021-04-20T07:58:00","modified_gmt":"2021-04-19T19:58:00","slug":"certificate-signing-request-csr","status":"publish","type":"post","link":"https:\/\/www.ronella.xyz\/?p=1447","title":{"rendered":"Certificate Signing Request (CSR)"},"content":{"rendered":"

Generating a CSR<\/h2>\n
    \n
  1. \n

    Download OpenSSL binaries from the following link if you are using windows:<\/p>\n

    https:\/\/slproweb.com\/products\/Win32OpenSSL.html<\/a><\/p>\n<\/li>\n

  2. \n

    Create a domain.cnf<\/strong> file using the following template:<\/p>\n

    [ req ]\ndefault_bits        = 2048\ndefault_keyfile     = private.pem\ndistinguished_name  = subject\nreq_extensions      = req_ext\nx509_extensions     = x509_ext\nstring_mask         = utf8only\n\n[ subject ]\ncountryName         = Country Name (2 letter code)\ncountryName_default     = <2_LETTER_COUNTRY_CODE>\n\nstateOrProvinceName     = State or Province Name (full name)\nstateOrProvinceName_default = <STATE_NAME>\n\nlocalityName            = Locality Name (eg, city)\nlocalityName_default        = <CITY_NAME>\n\norganizationName         = Organization Name (eg, company)\norganizationName_default    = <ORGANIZATION_NAME>\n\norganizationalUnitName         = Organizational Unit (eg, section)\norganizationalUnitName_default = <ORGANIZATIONAL_UNIT>\n\ncommonName          = Common Name (e.g. server FQDN or YOUR name)\ncommonName_default      = <YOUR_NAME>\n\nemailAddress            = Email Address\nemailAddress_default        = <YOUR_EMAIL_ADDR>\n\n# Section x509_ext is used when generating a self-signed certificate. I.e., openssl req -x509 ...\n[ x509_ext ]\n\nsubjectKeyIdentifier        = hash\nauthorityKeyIdentifier    = keyid,issuer\n\nbasicConstraints        = CA:false\nkeyUsage            = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName          = @alternate_names\nnsComment           = \"Self-signed Certificate\"\n\n# Section req_ext is used when generating a certificate signing request. I.e., openssl req ...\n[ req_ext ]\n\nsubjectKeyIdentifier        = hash\n\nbasicConstraints        = CA:false\nkeyUsage            = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName          = @alternate_names\nnsComment           = \"Private Certificate\"\n\n[ alternate_names ]\n\nDNS.1        = <DNS_1>\n\n# Add more DNS by incrementing the DNS.<SUFFIX> like the following.\n# DNS.2       = <DNS_2>\n# DNS.3       = <DNS_3>\n# DNS.4       = <DNS_4>\n\n# Add these if you need them. But usually you don't want them or\n#   need them in production. You may need them for development.\n# DNS.5       = localhost\n# DNS.6       = localhost.localdomain\n# DNS.7       = 127.0.0.1\n\n# IPv6 localhost\n# DNS.8     = ::1<\/code><\/pre>\n
    Replace the following fields on the template:<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
    Field Name<\/th>\nDescription<\/th>\n<\/tr>\n<\/thead>\n
    2_LETTER_COUNTRY_CODE<\/td>\nThe two letter code of your country.<\/td>\n<\/tr>\n
    STATE_NAME<\/td>\nThe name of your state.<\/td>\n<\/tr>\n
    CITY_NAME<\/td>\nThe name of your city.<\/td>\n<\/tr>\n
    ORGANIZATION_NAME<\/td>\nThe name of your organization.<\/td>\n<\/tr>\n
    ORGANIZATIONAL_UNIT<\/td>\nThe name of your section in the organization.<\/td>\n<\/tr>\n
    YOUR_NAME<\/td>\nYour full name.<\/td>\n<\/tr>\n
    YOUR_EMAIL_ADDR<\/td>\nYour email address.<\/td>\n<\/tr>\n
    DNS_<INDEX><\/td>\nYour DNS name.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
    Example:<\/p>\n
    [ req ]\ndefault_bits        = 2048\ndefault_keyfile     = private.pem\ndistinguished_name  = subject\nreq_extensions      = req_ext\nx509_extensions     = x509_ext\nstring_mask         = utf8only\n\n[ subject ]\ncountryName         = Country Name (2 letter code)\ncountryName_default     = NZ\n\nstateOrProvinceName     = State or Province Name (full name)\nstateOrProvinceName_default = Wellington\n\nlocalityName            = Locality Name (eg, city)\nlocalityName_default        = Wellington\n\norganizationName         = Organization Name (eg, company)\norganizationName_default    = My Organization\n\norganizationalUnitName         = Organizational Unit (eg, section)\norganizationalUnitName_default = IT Department\n\ncommonName          = Common Name (e.g. server FQDN or YOUR name)\ncommonName_default      = www.ronella.xyz\n\nemailAddress            = Email Address\nemailAddress_default        = ron@ronella.xyz\n\n# Section x509_ext is used when generating a self-signed certificate. I.e., openssl req -x509 ...\n[ x509_ext ]\n\nsubjectKeyIdentifier        = hash\nauthorityKeyIdentifier    = keyid,issuer\n\nbasicConstraints        = CA:false\nkeyUsage            = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName          = @alternate_names\nnsComment           = \"Self-signed Certificate\"\n\n# Section req_ext is used when generating a certificate signing request. I.e., openssl req ...\n[ req_ext ]\n\nsubjectKeyIdentifier        = hash\n\nbasicConstraints        = CA:false\nkeyUsage            = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName          = @alternate_names\nnsComment           = \"Private Certificate\"\n\n[ alternate_names ]\n\nDNS.1        = www.ronella.xyz\n\n# Add more DNS by incrementing the DNS.<SUFFIX> like the following.\n# DNS.2       = <DNS_2>\n# DNS.3       = <DNS_3>\n# DNS.4       = <DNS_4>\n\n# Add these if you need them. But usually you don't want them or\n#   need them in production. You may need them for development.\n# DNS.5       = localhost\n# DNS.6       = localhost.localdomain\n# DNS.7       = 127.0.0.1\n\n# IPv6 localhost\n# DNS.8     = ::1<\/code><\/pre>\n<\/li>\n
  3. \n
    Generate a private key<\/strong> using the following command:<\/p>\n
    openssl genrsa -out domain.key.pem 2048<\/code><\/pre>\n<\/li>\n
  4. \n
    Generate the CSR<\/strong> using the private key with the following command:<\/p>\n
    openssl req -new -key domain.key.pem -nodes -out domain.csr -config domain.cnf<\/code><\/pre>\n<\/li>\n<\/ol>\n
    Viewing the Generated CSR<\/h2>\n
      \n
    1. \n
      View the generated CSR using the following command:<\/p>\n
      openssl req -text -noout -verify -in domain.csr<\/code><\/pre>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"
      Generating a CSR Download OpenSSL binaries from the following link if you are using windows: https:\/\/slproweb.com\/products\/Win32OpenSSL.html Create a domain.cnf file using the following template: [ req ] default_bits = 2048 default_keyfile = private.pem distinguished_name = subject req_extensions = req_ext x509_extensions = x509_ext string_mask = utf8only [ subject ] countryName = Country Name (2 letter code) […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[23],"tags":[],"_links":{"self":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/1447"}],"collection":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1447"}],"version-history":[{"count":1,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/1447\/revisions"}],"predecessor-version":[{"id":1448,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=\/wp\/v2\/posts\/1447\/revisions\/1448"}],"wp:attachment":[{"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1447"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1447"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ronella.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1447"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}