From 0cebad6e4330b4ef22b54ca0c627c1051d4b591b Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 21 Jan 2020 14:10:57 +0100 Subject: [PATCH] fix in one-liners (csr from existing cert) - signed-off-by: trimstray --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 53bb474..3e7b7ce 100644 --- a/README.md +++ b/README.md @@ -2501,6 +2501,8 @@ openssl req -out ${_fd_csr} -new -key ${_fd} ) ###### Generate CSR (metadata from existing certificate) + > Where `private.key` is the existing private key. As you can see you do not generate this CSR from your certificate (public key). Also you do not generate the "same" CSR, just a new one to request a new certificate. + ```bash ( _fd="private.key" ; _fd_csr="request.csr" ; _fd_crt="cert.crt" ; \ openssl x509 -x509toreq -in ${_fd_crt} -out ${_fd_csr} -signkey ${_fd} ) @@ -2512,7 +2514,7 @@ openssl x509 -x509toreq -in ${_fd_crt} -out ${_fd_csr} -signkey ${_fd} ) ( _fd="private.key" ; _fd_csr="request.csr" ; \ openssl req -new -sha256 -key ${_fd} -out ${_fd_csr} \ -config <( -cat <<-EOF +cat << __EOF__ [req] default_bits = 2048 default_md = sha256 @@ -2535,7 +2537,7 @@ subjectAltName = @alt_names DNS.1 = DNS.2 = DNS.3 = -EOF +__EOF__ )) ```