Creating an SSL certificate signature request file

3 July 2024

ID 234130

You can create a Certificate Signing Request file using the openssl utility or online services.

To create a Certificate Signing Request file using the openssl utility:

  1. Prepare a request.config text file with the following contents (for examples of settings, see the table below):

    [req]

    default_bits=2048

    prompt=no

    default_md=sha256

    req_extensions=req_ext

    distinguished_name=dn

    [dn]

    C=<two-letter country code>

    ST=<region>

    L=<city>

    O=<organization name>

    OU=<organizational unit name>

    emailAddress=<email address of the administrator>

    CN=<domain name of the Control Node of the cluster>

    [req_ext]

    subjectAltName=@alt_names

    [alt_names]

    DNS.1=<domain name of the Control Node of the cluster>

    DNS.2=<domain name of the Secondary Node of the cluster>

    DNS.3=<domain name of the Secondary Node of the cluster>

  2. Create a private RSA key with the PEM extension (without a passphrase):

    openssl genrsa -out key.pem 2048

  3. Create a Certificate Signing Request using the following command:

    openssl req -new -sha256 -key key.pem -out request.csr -config request.config

This creates the following files:

  • key.pem is the RSA private key file with the PEM extension. Save this file to use it for replacing the certificate on the cluster node.
  • request.csr is the Certificate Signing Request in the PKCS#10 format. Submit this file to the certification authority.

Examples of settings in the request.config file

Setting

Example

C

RU

ST

Moscow

L

Moscow

O

Organization name

OU

IT department

emailAddress

administrator@example.com

CN

ksmg01.example.com

DNS.1

ksmg01.example.com

DNS.<number>

ksmg<number>.example.com

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.