Create a Subject Alternative Name (SAN) certificate request (CSR) using OpenSSL

Tags: CSR, OpenSSL, SAN

We frequently need to build certificates with a private key and a certificate paired as a .PFX to deploy for security on applications and servers. This explains how to generate the Certificate Request (CSR) to provide to Sectigo when building an SSL certificate.

You need to be working out of your OpenSSL\bin directory from a cmd prompt or a PowerShell session.

This example is used to create a SAN certificate (.pfx) for our wireless authentication servers NPS, NPS-NAC1, NPS-NAC2.

Change your server information as needed!

The steps are:

  1. Create an OpenSSL configuration file which enables subject alternative names (.cnf)
  2. Create a Certificate Request File (.csr) by running a command.
  3. You now have a .csr (request file) and a private key.

 

This first step helps create an OpenSSL configuration file which enables subject alternative names (.cnf):

1. Add the following to a file, edit the proper information, and name it san.cnf in your OpenSSL/bin directory.

*********This for NPS**********

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Idaho
localityName = Locality Name (eg, city)
localityName_default = Coeur d Alene
organizationalUnitName    = Organizational Unit Name (eg, section)
organizationalUnitName_default    = NPS
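# The value on the next line is the prompt OpenSSL displays for the Common Name
# (no default is set); type the Common Name at that prompt.
commonName = nic.edu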
commonName_max    = 64

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1   = nps.nic.edu
DNS.2   = nps-nac1.nic.edu
DNS.3   = nps-nac2.nic.edu

 

2. Then run the following command to generate a SAN CSR:

.\openssl req -out NPS.csr -newkey rsa:2048 -nodes -keyout NPS.key -config san.cnf

Answer the questions as you would with the CSR process in a Windows certificate console, e.g. US for country code.

 

3. This will generate a private key and a .csr file. You can now use this CSR to request a SAN certificate (InCommon Multi Domain SSL (SHA-2)) from Sectigo.
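
Before submitting the request, it is worth confirming that the CSR really carries the three SAN entries and that NPS.key is its matching key. The following PowerShell check is an added example, not part of the original article; it assumes the file names NPS.csr and NPS.key from the command above and that openssl.exe is in the current directory.

```powershell
# Added example: sanity-check the CSR and key before submitting the request.
# Run from the OpenSSL\bin directory, like the command above.
$csr = 'NPS.csr'   # request file written by -out
$key = 'NPS.key'   # private key written by -keyout
# Names expected in the request, copied from [alt_names] in the config file.
$expected = 'nps.nic.edu', 'nps-nac1.nic.edu', 'nps-nac2.nic.edu'

# 1. Dump the CSR as text and pull out every DNS entry of the SAN extension.
$text = (.\openssl req -in $csr -noout -text) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "openssl could not parse $csr" }
$found = @([regex]::Matches($text, 'DNS:([^,\s]+)') |
           ForEach-Object { $_.Groups[1].Value })

$missing = @($expected | Where-Object { $_ -notin $found })
$extra   = @($found    | Where-Object { $_ -notin $expected })
if ($missing) { throw "CSR is missing SAN entries: $($missing -join ', ')" }
if ($extra)   { throw "CSR has unexpected SAN entries: $($extra -join ', ')" }

# 2. Confirm the key size requested with -newkey rsa:2048.
if ($text -notmatch 'Public-Key: \((\d+) bit\)' -or [int]$Matches[1] -lt 2048) {
    throw "CSR public key is missing or smaller than 2048 bits"
}

# 3. Confirm NPS.key is the key this CSR was built from by comparing public keys.
$csrPub = (.\openssl req  -in $csr -noout -pubkey) -join "`n"
$keyPub = (.\openssl pkey -in $key -pubout)        -join "`n"
if (-not $csrPub -or $csrPub -ne $keyPub) { throw "$key does not match $csr" }

# 4. -nodes wrote the private key unencrypted, so list who can read the file
#    and tighten the ACL if anyone beyond the certificate admins appears.
(Get-Acl $key).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

Write-Host "OK: $csr carries $($found.Count) SAN entries and matches $key"
```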

 


Details

Article ID: 140614
Created: Thu 7/21/22 11:11 AM
Modified: Tue 7/26/22 2:04 PM