Generate SSL CSR (Certificate Signing Request) from Command line without prompt

CSR with special chars?

  • Add -utf8 to the openssl command
  • If connecting via Putty set Windows Translation Remote character set to UTF.8

Without multiple DNS names:

openssl req -nodes -newkey rsa:2048 -sha256 -keyout HOST.domain.tld.key -out HOST.domain.tld.csr -utf8 -subj "/C=PT/ST=Açores/L=Ponta Delgada/O=Governo dos Açores/OU=Secretaria Regional das Obras Públicas e Comunicações/OU=Direção Regional das Comunicações/CN=HOST.domain.tld" -addext "subjectAltName=DNS:HOST.domain.tld"

With multiple DNS names:

openssl req -nodes -newkey rsa:2048 -sha256 -keyout HOST.domain.tld.key -out HOST.domain.tld.csr -utf8 -subj "/C=PT/ST=Açores/L=Ponta Delgada/O=Governo dos Açores/OU=Secretaria Regional das Obras Públicas e Comunicações/OU=Direção Regional das Comunicações/CN=HOST.domain.tld" -addext "subjectAltName=DNS.1:HOST.domain.tld,DNS.2:HOST01.domain.tld,DNS.3:HOST02.domain01.tld,DNS.4:HOST03.domain02.tld"

Verify the CSR file:

openssl req -in HOST.domain.tld.csr -text -noout

Verify the certificate file:

openssl x509 -in HOST.domain.tld.crt -text -noout

For more information: