Csr generation gnutls

Configure Certificate

Please enter the hostname for which you want to request a certificate:

Select algorithm and key strength for private key: ECDSA P-384 curve

With GnuTLS, you can generate a key and the related CSR using the command line. FQHN is the Fully Qualified Host Name.

Use the following command in order to generate the private key:

certtool --generate-privkey \
  --key-type=ecdsa --curve=secp384r1 \
  --outfile 'FQHN.key'

Create a template file named FQHN.txt containing the following content:

organization = "Karlsruhe Institute of Technology"
locality = "Karlsruhe"
state = "Baden-Wuerttemberg"
country = DE
cn = "FQHN"
dns_name = "FQHN"

In order to add Subject Alternative Names (SANs), add additional dns_name lines to the previously created template file FQHN.txt:

dns_name = "additional-hostname.ifmb.kit.edu"
dns_name = "another-hostname.ifmb.kit.edu"

You can now create the CSR:

certtool --generate-request --hash SHA256 --no-text \
 --load-privkey 'FQHN.key' \
 --template 'FQHN.txt' \
 --outfile 'FQHN.req'