Creating a Certificate Signing Request (CSR) using OpenSSL

Last Updated : Aug 25, 2021

About this task

Use this procedure to generate a CSR using OpenSSL.

You can also generate a CSR using the Avaya Aura® Web Gateway web administration portal.

Before you begin

Ensure that you have the OpenSSL utility.

Procedure

  1. Create an OpenSSL configuration file.
    For example:
    [ req ]
    req_extensions = v3_req
    distinguished_name = req_distinguished_name
    
    [req_distinguished_name]
     
    [ v3_req ]
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1 = dnsserver10927.company.com
    DNS.2 = dnsserver10938.company.com
    DNS.3 = dnsserver10955.company.com
    
    The alt_names section defines the Subject Alternative Name (SAN) list and must contain the FQDNs of all nodes in the cluster. For Open LDAP, the alt_names section must also contain the localhost.localdomain record and, for IPv6, the localhost6.localdomain record.
  2. Run the following command:
    openssl req -out <CSR_request_file>.csr -newkey rsa:2048 -nodes -keyout <CSR_key_file>.key -config <configuration_file>

    In this command:

    • <CSR_request_file>.csr specifies a CSR file name.

    • <CSR_key_file>.key specifies a file containing a private key that is used to add the signed certificate to the system.

    • <configuration_file> specifies the OpenSSL configuration file that was created in the previous step.

    For example:
    openssl req -out createCSR.csr -newkey rsa:2048 -nodes -keyout keyCSR.key -config configCSR.config
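
The two steps above as one non-interactive script, followed by a check to run before the CSR goes to the CA: the request's self-signature verifies and every cluster FQDN appears in subjectAltName. This is an added example, not part of the original procedure; the -subj value, the temporary directory and the function names make_csr and check_csr are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. File names follow the page's
# example command; the -subj value is constructed so nothing is prompted for.

# make_csr DIR: write the configuration file into DIR, then create key + CSR.
make_csr() {
    mc_dir=$1
    cat > "$mc_dir/configCSR.config" <<'EOF'
[ req ]
req_extensions = v3_req
distinguished_name = req_distinguished_name

[ req_distinguished_name ]

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = dnsserver10927.company.com
DNS.2 = dnsserver10938.company.com
DNS.3 = dnsserver10955.company.com
EOF
    # -nodes leaves the private key unencrypted, so create it owner-only.
    ( umask 077
      openssl req -out "$mc_dir/createCSR.csr" -newkey rsa:2048 -nodes \
          -keyout "$mc_dir/keyCSR.key" -config "$mc_dir/configCSR.config" \
          -subj "/CN=dnsserver10927.company.com" 2>/dev/null )
}

# check_csr CSR FQDN...: succeed only if the CSR's self-signature verifies
# and every FQDN is present as a DNS entry in subjectAltName.
check_csr() {
    cc_csr=$1; shift
    openssl req -in "$cc_csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    cc_sans=$(openssl req -in "$cc_csr" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr ',' '\n' | sed 's/^ *//')
    for cc_fqdn in "$@"; do
        printf '%s\n' "$cc_sans" | grep -qxF "DNS:$cc_fqdn" ||
            { echo "missing SAN: $cc_fqdn" >&2; return 1; }
    done
}

workdir=$(mktemp -d)
make_csr "$workdir" && check_csr "$workdir/createCSR.csr" \
    dnsserver10927.company.com dnsserver10938.company.com \
    dnsserver10955.company.com && echo "CSR in $workdir lists all cluster FQDNs"
```

For a real cluster, replace the DNS entries and the arguments to check_csr with the FQDNs of the actual nodes.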