Csr generation openssl

Please enter the hostname for which you want to request a certificate:

Using OpenSSL, you can generate a key and the related CSR using the command line. FQHN is the Fully Qualified Host Name.

openssl req -newkey rsa:4096 \
 -out FQHN.req \
 -keyout FQHN.key \
 -nodes \
 -subj '/CN=FQHN'

The parameter -nodes is used in order to save the private key without encryption. This is useful for most server applications. Otherwise, you will need to enter the passwort on every start of the application or at worst render the application unable to start. In order to save the private key encrypted with a password, just leave out the -nodes parameter.

In order to add Subject Alternative Names (SANs), the following command can be used. Make sure to change the hostnames to the ones you actually need. Every hostname must be prefixed with DNS:, multiple entries must be seperated by a ,.

openssl req -newkey rsa:4096 \
 -out FQHN.req \
 -keyout FQHN.key \
 -nodes \
 -subj '/CN=FQHN' \
 -addext 'subjectAltName = DNS:weiterer-hostname.ifmb.kit.edu,DNS:noch-ein-hostname.ifmb.kit.edu'