Published on 9 Nov 2022 2 min read

CSR generation script

sometimes the only option is to do SSL manually. This article is for those times.

Ideally Let’s Encrypt and Certbot will just ✨automagically⚡ generate all your SSL certificates, but if you’re working with internal services (basically anything not exposed to the public internet), or legacy systems that are very specific about the CA / root certificate, you’ll still need to generate some certificate signing requests (CSRs) and request a certificate the old-school way from someone like GoDaddy, NameCheap, or Entrust.

My solution

openssl is great, but I find it really hard to remember the commands to generate the CSR goodies you need. To make things a bit easier I used a CSR generation script in my home folder.

# makecsr.sh
# if there is no argumenet error out. 
if [ -z $1 ]
then
        echo "please provide a fully qualified domain name (i.e. app.mykal.codes)"
        echo "makecsr.sh <fqdn>"
        exit 1
fi

# if there is a valid fully qualified domain name...
# generate a certificate using SSL 
openssl req -new -newkey rsa:2048 -nodes -keyout $1__private.key -out $1__csr.csr -subj "/C=CA/ST=BC/L=Vancouver/O=Tinybox Software Development/OU=Mykal Machon/CN=$1"

# output the location and filenames for the new CSR and Private key.
echo "generated a CSR and Private Key for ya!"
echo "./$1__csr.csr"
echo "./$1__private.key"

Then when I need a certificate it’s as easy as running this in my terminal.

~/scripts/makecsr.sh app.mykal.codes
generated a CSR and Private Key for ya!
./app.mykal.codes__csr.csr
./app.mykal.codes__private.key

Take those newly generated CSR file off to your certificate authority of choice, and move your private key to the legacy/internal server in preparation for your new SSL certificates.