Generate Certificate Signing Requests (CSRs) for TLS Server Certificates

Overview

In this article, a procedure is described to generate multiple certificate signing requests (CSR) for TLS servers, such as SMTP-, IMAP- or HTTP-servers, so that we can submit them to a Certificate Authority (CA). The CA will eventually perform the signature and return a public certificate to us.

A Shell and the software OpenSSL should be available.

The subject organization (the entity the request is for) is assumed to be the same on every request, and the subject alternative names are assumed to follow the same pattern (the DNS name of some service plus a „www.“ DNS alias for that service).

The procedure can easily be expanded to make more request information configurable and allow, for example, processing a CSV file into a set of requests.