Creation of Openssl Multi-Domain CSR

From Thomas-Krenn-Wiki

This article explains how to create a certificate signing request (CSR) for multi-domain certificates with openssl. Providers such as Comodo, Thawte or Geotrust require a CSR file, which contains the most important information about your certificate and your company, in order to issue an SSL certificate.

The following steps explain how to create a private key and a CSR file.

Creation of req.conf

 cd /etc/ssl
 touch req.conf

Fill the file with the following content:

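 [req]
 distinguished_name = req_distinguished_name
 req_extensions = v3_req
 # Take the subject from this file instead of prompting for it
 prompt = no
 # Subject of the certificate: replace the placeholder values with your own data
 [req_distinguished_name]
 C = DE
 ST = BY
 L = Freyung
 O = Ihr Firmenname
 OU = Abteilung XY
 CN = www.ihre-firma.de
 # Extensions requested in the CSR
 [v3_req]
 keyUsage = keyEncipherment, dataEncipherment
 extendedKeyUsage = serverAuth
 subjectAltName = @alt_names
 # One DNS.n entry per host name the certificate should cover, including the CN
 [alt_names]
 DNS.1 = www.ihre-firma.de
 DNS.2 = ihre-firma.de
 DNS.3 = www.ihrefirma.de
 DNS.4 = ihrefirma.de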

Creation of private key

 openssl genrsa -out ihre-firma.de.key.2015 2048

Creation of CSR

 openssl req -new -out ihre-firma.de.csr.2015 -key ihre-firma.de.key.2015 -config req.conf 

It is important to enter all possible name variants in the "alt_names" section, because according to RFC 6125 the SAN entries are checked first and, if any exist, the CN is not always checked again. In a nutshell: if SAN entries exist, the CN is ignored in some cases. The main domain should, however, always be entered in the CN.

Verification of CSR

You can have the CSR checked in advance: Check and decode CSR
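
The CSR can also be checked locally before it is submitted. The following script is an added example, not part of the original article: it builds two CSRs in a temporary directory, then checks that the self-signature verifies and that the CN is repeated in the SAN list. The helper function names, "Example Org" and the file paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; helper names, organisation and paths are constructed for illustration.

# write_conf FILE CN SAN...: write a minimal req.conf in the layout used above.
write_conf() {
    conf=$1 cn=$2; shift 2
    {
        printf '[req]\ndistinguished_name = dn\nreq_extensions = v3_req\nprompt = no\n'
        printf '[dn]\nC = DE\nO = Example Org\nCN = %s\n' "$cn"
        printf '[v3_req]\nsubjectAltName = @alt_names\n[alt_names]\n'
        i=1
        for name in "$@"; do printf 'DNS.%d = %s\n' "$i" "$name"; i=$((i + 1)); done
    } > "$conf"
}

# csr_sans CSR: print the DNS entries of the requested SAN extension, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# csr_cn CSR: print the commonName of the CSR subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_csr CSR: succeed only if the self-signature verifies and the CN also
# appears in the SAN list (clients that find SAN entries may ignore the CN).
check_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    csr_sans "$1" | grep -qxF "$(csr_cn "$1")"
}

# make_csr DIR TAG CN SAN...: create key and CSR as in the steps above.
make_csr() {
    dir=$1 tag=$2; shift 2
    write_conf "$dir/$tag.conf" "$@"
    openssl genrsa -out "$dir/$tag.key" 2048 2>/dev/null
    openssl req -new -out "$dir/$tag.csr" -key "$dir/$tag.key" -config "$dir/$tag.conf"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
make_csr "$tmp" good www.ihre-firma.de www.ihre-firma.de ihre-firma.de
make_csr "$tmp" bad  www.ihre-firma.de ihre-firma.de ihrefirma.de
check_csr "$tmp/good.csr" && echo "good.csr: signature OK, CN covered by SAN"
check_csr "$tmp/bad.csr"  || echo "bad.csr: CN missing from SAN list"
```

To check a CSR created with the steps in this article, call check_csr with the path of that file.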

After this, give the CSR to the corresponding service provider, so that the certificate can be issued.


Author: Jonas Sterr

Jonas Sterr has been working for Thomas-Krenn for several years. Originally employed as a trainee in technical support and then in hosting (formerly Filoo), Mr. Sterr now mainly deals with the topics of storage (SDS / Huawei / Netapp), virtualization (VMware, Proxmox, HyperV) and network (switches, firewalls) in product management at Thomas-Krenn.AG in Freyung.


Translator: Alina Ranzinger

Alina has been working at Thomas-Krenn.AG since 2024. After her training as a multilingual business assistant, she took up her position as assistant to Product Management, where she is responsible for translating texts and for the organisation of the department.

