Creating an SSL certificate signature request file
July 10, 2024
ID 234130
You can create a Certificate Signing Request file using the openssl utility or online services.
To create a Certificate Signing Request file using the openssl utility:
- Prepare a request.config text file with the following contents (for examples of settings, see the table below):
[req]
default_bits=2048
prompt=no
default_md=sha256
req_extensions=req_ext
distinguished_name=dn
[dn]
C=<two-letter country code>
ST=<region>
L=<city>
O=<organization name>
OU=<organizational unit name>
emailAddress=<email address of the administrator>
CN=<domain name of the Control Node of the cluster>
[req_ext]
subjectAltName=@alt_names
[alt_names]
DNS.1=<domain name of the Control Node of the cluster>
DNS.2=<domain name of the Secondary Node of the cluster>
DNS.3=<domain name of the Secondary Node of the cluster>
- Create a private RSA key with the PEM extension (without a passphrase):
openssl genrsa -out key.pem 2048
- Create a Certificate Signing Request using the following command:
openssl req -new -sha256 -key key.pem -out request.csr -config request.config
This creates the following files:
- key.pem is the RSA private key file with the PEM extension. Save this file to use it for replacing the certificate on the cluster node.
- request.csr is the Certificate Signing Request in the PKCS#10 format. Submit this file to the certification authority.
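The procedure above as one script, followed by checks worth running on the result before request.csr is submitted to the certification authority. This is an added example, not part of the original documentation; the function names make_csr and check_csr, the example.com host names and the DN values are constructed for illustration.

```shell
#!/bin/sh
# Added example: all host names and DN values below are constructed placeholders.

# make_csr DIR CONTROL_FQDN SECONDARY_FQDN...
# Writes request.config, key.pem and request.csr into DIR.
make_csr() {
    dir=$1; cn=$2; shift 2
    mkdir -p "$dir" || return 1
    {
        printf '[req]\ndefault_bits=2048\nprompt=no\ndefault_md=sha256\n'
        printf 'req_extensions=req_ext\ndistinguished_name=dn\n'
        printf '[dn]\nC=XX\nST=Example Region\nL=Example City\nO=Example Org\n'
        printf 'OU=IT\nemailAddress=admin@example.com\nCN=%s\n' "$cn"
        printf '[req_ext]\nsubjectAltName=@alt_names\n[alt_names]\nDNS.1=%s\n' "$cn"
        i=2
        for name in "$@"; do printf 'DNS.%d=%s\n' "$i" "$name"; i=$((i + 1)); done
    } > "$dir/request.config"
    # The key has no passphrase, so file permissions are its only protection:
    # create it under umask 077 (owner read/write only).
    ( umask 077 && openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$dir/key.pem" -out "$dir/request.csr" \
        -config "$dir/request.config"
}

# check_csr DIR EXPECTED_FQDN...
# Returns 0 only if every check below passes.
check_csr() {
    dir=$1; shift
    # 1. The private key must be readable and writable by its owner only.
    [ "$(ls -l "$dir/key.pem" | cut -c1-10)" = "-rw-------" ] || return 1
    # 2. The CSR self-signature must verify. Match the message text rather than
    #    the exit status, which some openssl versions leave at 0 on failure.
    openssl req -in "$dir/request.csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # 3. The CSR must carry the public key of key.pem, not of some other key.
    [ "$(openssl req -in "$dir/request.csr" -noout -pubkey)" = \
      "$(openssl pkey -in "$dir/key.pem" -pubout)" ] || return 1
    # 4. Every expected node name must be an exact DNS entry in subjectAltName.
    sans=$(openssl req -in "$dir/request.csr" -noout -text |
           grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' ' | tr ',' '\n')
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -qxF "DNS:$name" || return 1
    done
}
```

Call make_csr with a working directory, the Control Node name and the Secondary Node names, then call check_csr with the same directory and every name the certificate must cover.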
Examples of settings in the request.config file
Setting | Example |
---|---|
C | |
ST | |
L | |
O | |
OU | |
 | |
CN | |
DNS.1 | |
DNS.<number> | |