CSR generation doesn’t have to be interactive. Using a custom OpenSSL configuration file, you can both automate the process (as explained in this section) and do certain things that are not possible interactively (e.g., how to have multiple domain names in the same certificate, as discussed in subsequent sections).
For example, let’s say that we want to automate the generation of a CSR for
www.feistyduck.com. We would start by creating a file
fd.cnf with the following contents:
[req] prompt = no distinguished_name = dn req_extensions = ext input_password = PASSPHRASE [dn] CN = www.feistyduck.com emailAddress = firstname.lastname@example.org O = Feisty Duck Ltd L = London C = GB [ext] subjectAltName = DNS:www.feistyduck.com,DNS:feistyduck.com
Now you can create the CSR directly from the command line:
$ openssl req -new -config fd.cnf -key fd.key -out fd.csr