Project

General

Profile

CSRRequest

We will use openssl to make a certificate request and key.
Openssl always makes keys initially encrypted, so we'll have to then decrypt the key:

So to make a request for myservice/myhost.fnal.gov, you would:

openssl req -new -newkey rsa:2048 -passout pass:some-password -out request.pem \
   -subj "/DC=com/DC=DigiCert-Grid/O=DigiCert Grid/OU=Services/CN=myservice\\/myhost.fnal.gov" 

Then to decrypt the key file:

openssl rsa -in  privkey.pem -out request.key -passin pass:some-password

Then make sure your key and your request file match:

openssl req -modulus -in request.pem -noout
openssl rsa -modulus -in request.key -noout

The outputs should be the same.

Now you should save this request.key file, and use the request.pem file text to paste
into the web request form.