Generate a CSR with SANs

From IVS Wiki
Jump to: navigation, search

Generate a CSR with SANs

  1. Connect to the Valt appliance via SSH
  2. Type in the following, and press Enter
    • nano csr_details.conf
  3. Copy and paste the following into nano:
  4. Make sure to update the CSR with your information.

    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    req_extensions = req_ext
    distinguished_name = dn
    [ dn ]
    C=US
    ST=New York
    L=Rochester
    O=End Point
    OU=Testing Domain
    emailAddress=your-administrative-address@your-awesome-existing-domain.com
    CN = www.your-new-domain.com
    [ req_ext ]
    subjectAltName = @alt_names
    [ alt_names ]
    DNS.1 = your-new-domain.com
    DNS.2 = www.your-new-domain.com
  5. Update the information to match your installation. This is the same information you would normally put in a CSR.
  6. Press CTRL + X
  7. Enter Y.
  8. Press Enter.
  9. Type in the following, and press Enter
    • openssl req -new -sha256 -nodes -out valt.csr -newkey rsa:2048 -keyout valt.key -config csr_details.conf

    Make sure to update the CSR and key path for your installation.


Other Commands

Check a Certificate Signing Request (CSR)
openssl req -text -noout -verify -in valt.csr
Check a certificate
openssl x509 -in valt.cer -text -noout
Check a private key
openssl rsa -in valt.key -check