Application Launcher

A Certificate Signing Request (CSR) file is a block of encrypted text that is generated on the infrastructure that the certificate will be used on. It has information that will be included in your SSL certificate, such as your organization name, common name (domain name), locality, and country. You can’t create an SSL certificate without first generating a CSR file.

Recommended method

CSRs generated from the command line are neither managed nor displayed on the Cloud Platform interface’s SSL page. For information on creating CSRs by using the SSL Setup wizard in Cloud Platform, see Generating a certificate signing request (CSR).

Creating a command-line CSR

To generate a CSR:

In the directory /mnt/gfs/[application].prod/ssl (where [application] is your application in Cloud Platform), copy the following two files (if they exist) into a new directory for backup:
- [application].conf
- private.key
Create a file named domains.txt that has a list of all the domains that you want covered by your SSL certificate.
Edit the [application].conf file, and then delete everything following the [alt_names] section header. If you don’t have an existing [application].conf file, download and modify this example.sitename.conf file.
Save the [application].conf file.

Run the following command to add the updated list of domains to the [application].conf file:

i=1; for domain in $(cat domains.txt) ; do echo "DNS.$i = $domain" ; ((i++)) ;  done >> [application].conf

To generate the CSR file, run the following command:
```
openssl req -nodes -sha256 -newkey rsa:2048 -config [application].conf -keyout private.key -out [application].csr
```
Even though the information in the [application].conf file has pre-populated the default fields with data, you are prompted to enter details for the CSR file. To continue, press the Enter key.

Use the following commands to ensure that your private.key and CSR files match.

openssl req -noout -modulus -in [application].csr | openssl md5
openssl rsa -noout -modulus -in private.key | openssl md5

The files should have matching hashes similar to the following example:

(stdin)= 9fb4c34545e3f8140db44b250cd001e0

Recommended method

Creating a command-line CSR

To generate a CSR:

In the directory /mnt/gfs/[application].prod/ssl (where [application] is your application in Cloud Platform), copy the following two files (if they exist) into a new directory for backup:
- [application].conf
- private.key
Create a file named domains.txt that has a list of all the domains that you want covered by your SSL certificate.
Edit the [application].conf file, and then delete everything following the [alt_names] section header. If you don’t have an existing [application].conf file, download and modify this example.sitename.conf file.
Save the [application].conf file.

Run the following command to add the updated list of domains to the [application].conf file:

i=1; for domain in $(cat domains.txt) ; do echo "DNS.$i = $domain" ; ((i++)) ;  done >> [application].conf

To generate the CSR file, run the following command:
```
openssl req -nodes -sha256 -newkey rsa:2048 -config [application].conf -keyout private.key -out [application].csr
```
Even though the information in the [application].conf file has pre-populated the default fields with data, you are prompted to enter details for the CSR file. To continue, press the Enter key.

Use the following commands to ensure that your private.key and CSR files match.

openssl req -noout -modulus -in [application].csr | openssl md5
openssl rsa -noout -modulus -in private.key | openssl md5

The files should have matching hashes similar to the following example:

(stdin)= 9fb4c34545e3f8140db44b250cd001e0

Recommended method

Creating a command-line CSR

To generate a CSR:

In the directory /mnt/gfs/[application].prod/ssl (where [application] is your application in Cloud Platform), copy the following two files (if they exist) into a new directory for backup:
- [application].conf
- private.key
Create a file named domains.txt that has a list of all the domains that you want covered by your SSL certificate.
Edit the [application].conf file, and then delete everything following the [alt_names] section header. If you don’t have an existing [application].conf file, download and modify this example.sitename.conf file.
Save the [application].conf file.

Run the following command to add the updated list of domains to the [application].conf file:

i=1; for domain in $(cat domains.txt) ; do echo "DNS.$i = $domain" ; ((i++)) ;  done >> [application].conf

To generate the CSR file, run the following command:
```
openssl req -nodes -sha256 -newkey rsa:2048 -config [application].conf -keyout private.key -out [application].csr
```
Even though the information in the [application].conf file has pre-populated the default fields with data, you are prompted to enter details for the CSR file. To continue, press the Enter key.

Use the following commands to ensure that your private.key and CSR files match.

openssl req -noout -modulus -in [application].csr | openssl md5
openssl rsa -noout -modulus -in private.key | openssl md5

The files should have matching hashes similar to the following example:

(stdin)= 9fb4c34545e3f8140db44b250cd001e0

Creating a command-line CSR

Creating a command-line CSR

Creating a command-line CSR

Did not find what you were looking for?

Did not find what you were looking for?

Creating CSR files from the command line

Creating a command-line CSR

Creating CSR files from the command line

Creating a command-line CSR

Creating CSR files from the command line

Creating a command-line CSR

Did not find what you were looking for?

Did not find what you were looking for?