Creating a Certificate Request with OpenSSL

Reading Time: 2 minutes

Creating a Certificate Request with OpenSSL is an article that explains how to create a request certificate using OpenSSL.

In this lab, we are using OpenSSL on Windows. You can download the OpenSSL on the below link:

https://slproweb.com/products/Win32OpenSSL.html

Creating a text file with your Certificate Details

The first step here is creating the text file with certificate details. You can use Notepad++ or your preferred text editor to complete this step.

Create a new file and put the below information:

[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no

[ req_distinguished_name ]
countryName = BR
stateOrProvinceName = SP
localityName = SP
organizationName = DPC Virtual Tips
organizationalUnitName = IT
commonName = nsx.lab.local

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = nsx.lab.local
DNS.2 = nsx-01.lab.local
DNS.3 = nsx-02.lab.local
DNS.4 = nsx-03.lab.local
IP.1 = 10.0.0.1
IP.2 = 10.0.0.2
IP.3 = 10.0.0.3
IP.4 = 10.0.0.4

Choose a file name and save that (in this example, we saved the file with “nsx-cert.txt”):

Generating the Certificate Signing Request and the Certificate Private Key

At this point, we need to generate the certificate request and the private key. We will do it with OpenSSL.

Firstly, open the Windows CMD and navigate to the openssl.exe directory:

cd C:\Program Files (x86)\GnuWin32\bin

Run the command below to generate the CSR file and the KEY file:

openssl.exe req -out C:\temp\nsx-cert.csr -newkey rsa:2048 -nodes -keyout C:\temp\nsx-cert.key -config C:\temp\nsx-cert.txt -sha256

Where:

-out C:\temp\nsx-cert.csr = The file that will be created containing the Certificate Request

-keyout C:\temp\nsx-cert.key = The file that contains the private key for this Certificate

-config C:\temp\nsx-cert.txt = The file that contains all details about the Certificate (this file has been created by us before)

On the C:\temp directory, we can see all files:

At this point, the Certificate Request is done. The next step is to send the CSR file to the CA (Certificate Authority) to sign this certificate and create the final certificate for us.

The CSR file content is: