Generate a certificate-signing request by using the OpenSSL tool for Windows.

Prerequisites

  • Install the OpenSSL tool. See http://www.openssl.org for information about obtaining the OpenSSL tool.
  • Edit the openssl.cfg file to add additional required parameters. Make sure the [req] section has the req_extensions parameter defined.
    [req]
            .
            .
            req_extensions=v3_req # 
  • Add an appropriate Subject Alternative Name entry for the hostname or IP address of your server, for example server-01.operationsforlogs.domain. You cannot specify a pattern for the hostname.
    [v3_req]
            .
            .
            subjectAltName=DNS:server-01.operationsforlogs.domain
            #subjectAltName=IP:10.27.74.215

Procedure

  1. Create a folder to save your certificate files, for example C:\Certs\OperationsforLogs.
  2. Open a Command Prompt and run the following command to generate your private key.
    C:\Certs\OperationsforLogs>openssl genrsa -out server.key 2048
  3. Create a certificate signing request by running the following command.
    C:\Certs\OperationsforLogs>openssl req -new -key server.key -out server.csr
    Note: This command runs interactively and asks you a number of questions. Your certificate authority will cross check your answers. Your answers must match the legal documents regarding the registration of your company.
  4. Follow the onscreen instructions and enter the information that will be incorporated into your certificate request.
    Important: In the Common Name field, enter the hostname or IP address of your server, for example mail.your.domain. If you want to include all subdomains, enter *your.domain.

Results

Your certificate signing request file server.csr is generated and saved.