Create a certificate with subject

Per best practice, Buypass AS has removed the generation of a default Subject in certificates where this is not specified.  Eg. Certbot does not create a CSR with this CN (Subject) specified.

If one would like to force this, one must generate a CSR prior to requesting the certificate using the ACME protocol and eg. Certbot.  Which can be done as shown below, by generating keys and a CSR where one specifies the CN/Subject. Then one can request a certificate using Certbot.

<USERNAME>@<HOSTNAME>:~$ openssl req -new -newkey rsa:2048 -nodes -keyout your-domain.key -out your-domain.csr
Generating a 2048 bit RSA private key
writing new private key to 'your-domain.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:<COUNTRY>
State or Province Name (full name) [Some-State]:<STATE>
Locality Name (eg, city) []:<CITY>
Organization Name (eg, company) [Internet Widgits Pty Ltd]:<COMPANY NAME>
Organizational Unit Name (eg, section) []:<UNIT NAME>
Common Name (e.g. server FQDN or YOUR name) []:<FQDN_WHICH_BECOMES_SUBJECT>
Email Address []:<EMAIL>

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

To request a certificate with a specified CSR, use the following certbot command.

/opt/certbot/certbot-auto certonly --nginx --csr your-domain.csr --server "https://api.buypass.com/acme/directory/"

To inspect and verify the CSR, use the following command from the openssl tool suite.

<USERNAME>@<HOSTNAME>:~$ openssl req -in your-domain.csr -noout -text
Certificate Request:
        Version: 0 (0x0)
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • 3 yrs agoLast active
  • 1119Views
  • 2 Following

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.