Generate CSR with 2 OU Names

openssl certificate keytool certificate-authority

10,611

Solution 1

If you want to do it via CLI you can use either a conf file or pass the -subj argument. Here's an example with -subj

openssl req -new -newkey rsa:2048 -nodes -subj "/CN=somedomain.com/O=My Corporation/OU=Org Unit 1/OU=Org Unit 2"

You can add in ST, L, C, and any other shortName OpenSSL recognizes (along with raw OIDs).

Solution 2

hope this helps I banged my head for several hours till i found it, You can also try this command

openssl req -new -key username.key -out username.csr -config client/client.csr.cnf

here's the client.csr.cnf

    [req]
    default_bits = 2048
    distinguished_name = req_distinguished_name
    prompt = no
    [req_distinguished_name]
    DC= com
    0.DC= company
    OU= organizations
    0.OU= telos
    1.OU= telosapac
    CN= USERNAMEPATTERN

notice the number before the subject attribute 0.DC, 0.OU, 1.OU there should be a number prefix representing the index of the subject entries

10,611

Author by

DanMatlin

Updated on June 04, 2022

Comments

DanMatlin almost 2 years

I have to create an application which generates a CSR. While generating a CSR we are required to fill in several details like CN, OU, etc. The problem is that the Certifying Authority to which I have to send my CSR wants 2 OU(Organizational Unit) Names. I googled a lot but couldn't find anything using either openssl or java keytool by which I can specify 2 OU Names.

Can someone please tell me how I can specify 2 OU Names while generating the CSR?