Creating an SSL certificate signature request file

You can create a Certificate Signing Request file using the openssl utility or online services.

To create a Certificate Signing Request file using the openssl utility:

1. Prepare a request.config text file with the following contents (for examples of settings, see the table below):

   [req]

   default_bits=2048

   prompt=no

   default_md=sha256

   req_extensions=req_ext

   distinguished_name=dn

   [dn]

   C=<two-letter country code>

   ST=<region>

   L=<city>

   O=<organization name>

   OU=<organizational unit name>

   emailAddress=<email address of the web server administrator>

   CN=<domain name of the Control Node of the cluster>

   [req_ext]

   subjectAltName=@alt_names

   [alt_names]

   DNS.1=<domain name of the Control Node of the cluster>

   DNS.2=<domain name of the Secondary Node of the cluster>

   DNS.3=<domain name of the Secondary Node of the cluster>

2. Create a private RSA key with the PEM extension (without a passphrase):

   openssl genrsa -out key.pem 2048

3. Create a Certificate Signing Request using the following command:

   openssl req -new -sha256 -key key.pem -out request.csr -config request.config

This creates the following files:

• key.pem is the RSA private key file with the PEM extension. Save this file to use it for replacing the certificate on the cluster node.
• request.csr is the Certificate Signing Request in the PKCS#10 format. Submit this file to the certification authority.

Examples of settings in the request.config file

Setting	Example
C	RU
ST	Moscow
L	Moscow
O	Organization name
OU	IT department
emailAddress	administrator@example.com
CN	ksmg01.example.com
DNS.1	ksmg01.example.com
DNS.<number>	ksmg<number>.example.com

Page top