HowTo: Create CSR using OpenSSL Without Prompt (Non-Interactive) -

HowTo: Create CSR using OpenSSL Without Prompt (Non-Interactive)

In this article you’ll find how to generate CSR (Certificate Signing Request) using OpenSSL from the Linux command line, without being prompted for values which go in the certificate’s subject field.

Below you’ll find two examples of creating CSR using OpenSSL.

In the first example, i’ll show how to create both CSR and the new private key in one command.

And in the second example, you’ll find how to generate CSR from the existing key (if you already have the private key and want to keep it).

Both examples show how to create CSR using OpenSSL non-interactively (without being prompted for subject), so you can use them in any shell scripts.

Create CSR and Key Without Prompt using OpenSSL

Use the following command to create a new private key 2048 bits in size example.key and generate CSR example.csr from it:

$ openssl req -nodes -newkey rsa:2048 -keyout example.key -out example.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"

Option	Description
openssl req	certificate request generating utility
-nodes	if a private key is created it will not be encrypted
-newkey	creates a new certificate request and a new private key
rsa:2048	generates an RSA key 2048 bits in size
-keyout	the filename to write the newly created private key to
-out	specifies the output filename
-subj	sets certificate subject

Generate CSR From the Existing Key using OpenSSL

Use the following command to generate CSR example.csr from the private key example.key:

$ openssl req -new -key example.key -out example.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"

Option	Description
openssl req	certificate request generating utility
-new	generates a new certificate request
-key	specifies the file to read the private key from
-out	specifies the output filename
-subj	sets certificate subject

Automated Non-Interactive CSR Generation

The magic of CSR generation without being prompted for values which go in the certificate’s subject field, is in the -subj option.

-subj arg

Replaces subject field of input request with specified data and outputs modified request. The arg must be formatted as /type0=value0/type1=value1/type2=…, characters may be escaped by \ (backslash), no spaces are skipped.

The fields, required in CSR are listed below:

Field	Meaning	Example
/C=	Country	GB
/ST=	State	London
/L=	Location	London
/O=	Organization	Global Security
/OU=	Organizational Unit	IT Department
/CN=	Common Name	example.com

You’ve created encoded file with certificate signing request.

Now you can decode CSR to verify that it contains the correct information.

Article Number: 492
Posted: Mon, Feb 18, 2019 3:58 PM
Last Updated: Mon, Feb 18, 2019 3:58 PM

Online URL: http://kb.ictbanking.net/article.php?id=492