/ SSL

OpenSSL CSR generation in a single command

If you need to generate a CSR, OpenSSL has a helpful prompt interface for completing the required fields one at a time. However, if you are using automation, collecting STDIN is not always an option.

While working with Ansible, I learned that OpenSSL CSR generation allows you to pass the appropriate details using the -subj parameter like in this example:

# C:  Country Code
# ST: State (Region)
# L:  Locality (City)
# O:  Organization
# OU: Organizational Unit
# CN: Common Name

openssl req \
  -subj "/C=US/ST=Ohio/L=Columbus/O=Acme Company/OU=Acme/CN=example.com" \
  -newkey rsa:2048 -nodes \
  -keyout example_com.key \
  -out example_com.csr

Now you can continue uninterrupted without needing to manually enter details anytime you generate a CSR.