CSR Certificate Generation

AdrianH

Occasional Visitor
Hi All,

Is there a "easy" way to generate a CSR for a SSL certificate that can be used on my Asus-RTAX88U router.

I just want to buy a 5 year Positive SSL from Comodo to use with my domain currently setup at Google Domains (that is currently setup in DDNS), but Comodo and probably all others want a CSR.

I currently use ZeroSSL but they can "Auto-Generate CSR" which is nice.

Any ideas?
 

dave14305

Part of the Furniture
Can you follow any internet guide to generate a CSR using openssl at the command line?
 

AdrianH

Occasional Visitor
Yeah, I can give it a go :)

I found this but I don't think this is the same as this is self-signed.

 

dave14305

Part of the Furniture
What about something like this?


Just be sure to save the files to /jffs or USB so you don’t lose them on a reboot.
 

AdrianH

Occasional Visitor
@dave14305

I managed to generate a CSR with that link you posted. Did take a little tweaking, but will post what I did below.

Firstly, I created a file in the tmp folder on the router named altnames.cnf. This file was then populated with the below which had the details of the certificate I needed. mydomain.com is just an example domain, use your own, along with your own regional/org details.

Code:
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = GB
ST = Essex
L = MyHomeTown
O = Private
OU = Private
CN = home.mydomain.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = home.mydomain.com
DNS.2 = mydomain.com

I than ran the following command while in that same folder as above (note the filename at end of the command):

Code:
openssl req -new -newkey rsa:2048 -nodes -keyout home.mydomain.com.key -out home.mydomain.com.csr -config altnames.cnf

This then generated the CSR and private key in the tmp folder. I could then use the home.mydomain.com.csr to generate a certificate at your SSL provider (mine being https://cheapsslsecurity.co.uk) by just copying the text directly out of the CSR file. After validating the domain by adding a cname to my domain, the certificate was available for download.

Upon uploading the SSL certificate, I could upload to the router. You will need to upload the private key file, namely the home.mydomain.com.key file. And then you upload the certificate from the provider, and Bob's your uncle!


1657035888653.png
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top