Csr generation gnutls

Please enter the hostname for which you want to request a certificate:

With GnuTLS, you can generate a key and the related CSR using the command line. FQHN is the Fully Qualified Host Name.

Use the following command in order to generate the private key:

certtool --generate-privkey --outfile FQHN.key

Create a template file named FQHN.txt containing the following content:

organization = "Karlsruhe Institute of Technology"
locality = "Karlsruhe"
state = "Baden-Wuerttemberg"
country = DE
cn = "FQHN"
dns_name = "FQHN"

In order to add Subject Alternative Names (SANs), add additional dns_name lines to the previously created template file FQHN.txt:

dns_name = "additional-hostname.ifmb.kit.edu"
dns_name = "another-hostname.ifmb.kit.edu"

You can now create the CSR:

certtool --generate-request --hash SHA256 --no-text \
 --load-privkey FQHN.key \
 --template FQHN.txt \
 --outfile FQHN.req