In this example, I'm crafting a CSR that will use "X509v3 Subject Alternative Names" and with a sha2 signature.
The below is the content of my values
The window's cmd.exe needs to be ran as "Administrator" level , and then you can call the above saved text from the cli for the generation of the CSR.
certreq -new yournamedinitfile.txt <thecsrnamed_output>
This will generate a base CSR that can be uploaded to any CA for signing.
Key items to notice;
- the "HashAlgorithm" value is set to ensure sha1 is not used.
- DNS value are set for alternatveNames, just string out the dns= value for the altNames
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
=( @ @ )=