OpenSSL CSR Generator

Fill in the fields below to build an OpenSSL SAN config file (openssl.cnf) and generate the commands to create a Certificate Signing Request (CSR). The generated config is compatible with OpenSSL and LibreSSL.

Subject Fields

Common Name (CN) *

Organization (O)

Organizational Unit (OU)

Email Address

Locality / City (L)

State / Province (ST)

Country (C)

Subject Alternative Names (SAN)

Comma or newline-separated list of domains or IP addresses. The CN is added automatically if no SANs are provided.

Key Options

Key Type & Size

Digest / Hash Algorithm

The OpenSSL CSR Generator produces a ready-to-use openssl.cnf SAN config file and the matching openssl req commands you need to generate a Certificate Signing Request. Save the config and run the commands on your server. Submit the resulting server.csr to your Certificate Authority (CA) to obtain a signed certificate.

Typical workflow

Fill in the subject fields and Subject Alternative Names above.
Click Generate CSR Config to produce an openssl.cnf SAN config and the matching commands.
Save the config file and run the commands on your server.
Submit server.csr to your CA and keep server.key private.

OpenSSL CSR example commands

The commands generated above follow the standard openssl req workflow. For an RSA key, the sequence is:

openssl genrsa -out server.key 2048
                openssl req -new -key server.key -out server.csr -config openssl.cnf
                openssl req -in server.csr -noout -text -verify

OpenSSL SAN config compatibility

The generated openssl.cnf uses the [ req ], [ req_distinguished_name ], [ v3_req ], and [ alt_names ] sections defined in the PKCS#10 standard. This format is fully compatible with OpenSSL (all versions) and LibreSSL, the OpenSSL fork used on macOS and OpenBSD. You can use the same openssl.cnf on Linux, macOS, and Windows (via WSL or Git Bash).