Steps for creating a command-line CSR¶

To generate a CSR:

1. In the directory /mnt/gfs/[application].prod/ssl (where [application] is your application in Cloud Platform), copy the following two files (if they exist) into a new directory for backup:
   • [application].conf
   • private.key
2. Create a file named domains.txt that has a list of all the domains that you want covered by your SSL certificate.
3. Edit the [application].conf file, and then delete everything following the [alt_names] section header. If you don’t have an existing [application].conf file, download and modify this example.sitename.conf file.
4. Save the [application].conf file.

5. Run the following command to add the updated list of domains to the [application].conf file:

   i=1; for domain in $(cat domains.txt) ; do echo "DNS.$i = $domain" ; ((i++)) ;  done >> [application].conf
   

6. To generate the CSR file, run the following command:

   openssl req -nodes -sha256 -newkey rsa:2048 -config [application].conf -keyout private.key -out [application].csr
   

   Even though the information in the [application].conf file has pre-populated the default fields with data, you are prompted to enter details for the CSR file. To continue, press the Enter key.

7. Use the following commands to ensure that your private.key and CSR files match.

   openssl req -noout -modulus -in [application].csr | openssl md5
   openssl rsa -noout -modulus -in private.key | openssl md5
   

   The files should have matching hashes similar to the following example:

   (stdin)= 9fb4c34545e3f8140db44b250cd001e0