HowTo: Create CSR using OpenSSL Without Prompt (Non-Interactive)

In this article you’ll find how to generate CSR (Certificate Signing Request) using OpenSSL from the Linux command line, without being prompted for values which go in the certificate’s subject field.

Below you’ll find two examples of creating CSR using OpenSSL.

In the first example, i’ll show how to create both CSR and the new private key in one command.

And in the second example, you’ll find how to generate CSR from the existing key (if you already have the private key and want to keep it).

Both examples show how to create CSR using OpenSSL non-interactively (without being prompted for subject), so you can use them in any shell scripts.

Create CSR and Key Without Prompt using OpenSSL

Use the following command to create a new private key 2048 bits in size example.key and generate CSR example.csr from it:

$ openssl req -nodes -newkey rsa:2048 -keyout example.key -out example.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"
OptionDescription
openssl req certificate request generating utility
-nodes if a private key is created it will not be encrypted
-newkey creates a new certificate request and a new private key
rsa:2048 generates an RSA key 2048 bits in size
-keyout the filename to write the newly created private key to
-out specifies the output filename
-subj sets certificate subject

Generate CSR From the Existing Key using OpenSSL

Use the following command to generate CSR example.csr from the private key example.key:

$ openssl req -new -key example.key -out example.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"
OptionDescription
openssl req certificate request generating utility
-new generates a new certificate request
-key specifies the file to read the private key from
-out specifies the output filename
-subj sets certificate subject

Automated Non-Interactive CSR Generation

The magic of CSR generation without being prompted for values which go in the certificate’s subject field, is in the -subj option.

-subj arg Replaces subject field of input request with specified data and outputs modified request. The arg must be formatted as /type0=value0/type1=value1/type2=…, characters may be escaped by \ (backslash), no spaces are skipped.

The fields, required in CSR are listed below:

FieldMeaningExample
/C= Country GB
/ST= State London
/L= Location London
/O= Organization Global Security
/OU= Organizational Unit IT Department
/CN= Common Name example.com

You’ve created encoded file with certificate signing request.

Now you can decode CSR to verify that it contains the correct information.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Szybkie sprawdzenie zewnętrznego adresu IP i hosta
Viewed 2107 times since Thu, May 24, 2018
ZPOOL: Add a mirror to a concat zpool
Viewed 1995 times since Sun, Jun 3, 2018
Linux How to reset a root password on Fedora
Viewed 880 times since Sun, Dec 6, 2020
SSH Essentials: Working with SSH Servers, Clients, and Keys
Viewed 2710 times since Wed, Jun 27, 2018
KONTO SFTP Z CHROOTEM Z UŻYCIEM OPENSSH-SERVER NA CENTOS/RHEL6
Viewed 887 times since Fri, Nov 30, 2018
Tip: SSD and Linux. Enable TRIM and check if it works
Viewed 2423 times since Fri, May 15, 2020
20 Linux Command Tips and Tricks That Will Save You A Lot of Time linux
Viewed 3044 times since Thu, Apr 18, 2019
Index » Community Contributions » System encryption using LUKS and GPG encrypted keys for arch linux
Viewed 1199 times since Fri, Jul 13, 2018
linux ssh How to Hide the OpenSSH Version Details when Telnet to Port 22
Viewed 1804 times since Wed, Apr 22, 2020
Turbocharge PuTTY with 12 Powerful Add-Ons – Software for Geeks #3
Viewed 11527 times since Sun, Sep 30, 2018