Creating an SSL certificate signature request file

You can create a Certificate Signing Request file using the openssl utility or online services.

To create a Certificate Signing Request file using the openssl utility:

  1. Prepare a request.config text file with the following contents (for examples of settings, see the table below):

    [req]

    default_bits=2048

    prompt=no

    default_md=sha256

    req_extensions=req_ext

    distinguished_name=dn

    [dn]

    C=<two-letter country code>

    ST=<region>

    L=<city>

    O=<organization name>

    OU=<organizational unit name>

    emailAddress=<email address of the web server administrator>

    CN=<domain name of the Control Node of the cluster>

    [req_ext]

    subjectAltName=@alt_names

    [alt_names]

    DNS.1=<domain name of the Control Node of the cluster>

    DNS.2=<domain name of the Secondary Node of the cluster>

    DNS.3=<domain name of the Secondary Node of the cluster>

  2. Create a private RSA key with the PEM extension (without a passphrase):

    openssl genrsa -out key.pem 2048

  3. Create a Certificate Signing Request using the following command:

    openssl req -new -sha256 -key key.pem -out request.csr -config request.config

This creates the following files:

Examples of settings in the request.config file

Setting

Example

C

RU

ST

Moscow

L

Moscow

O

Organization name

OU

IT department

emailAddress

administrator@example.com

CN

ksmg01.example.com

DNS.1

ksmg01.example.com

DNS.<number>

ksmg<number>.example.com

Page top