Write a CSR to a CA with Openssl

If you order i.e a wildcart certificate you dont want to generate the keys on a webserver because you cant just export them without special tools.

Instead you can use openssl to make the CSR.

1. First we create a keypair and the request. The configuration file we use is the one that comes along with openssl.

OpenSSL> req -sha1 -new -newkey rsa:2048 -keyout keyfile.key -out request.csr -config “C:\Program Files\GnuWin32\share\openssl.cnf”

2. Send the request.csr to the CA.

3. When you get the signed certificate from CA, use this to make a p12

OpenSSL> pkcs12 -export -inkey keyfile.key -in certfromca.crt -out certificate.p12 -name mynewcert

This entry was posted in PKI and tagged , , , , . Bookmark the permalink.