2

I try to create a Certificate Signing Request (CSR) using

openssl req -new -sha256 -key domain.key -subj "/" \ -reqexts SAN -config <(cat /System/Library/OpenSSL/openssl.cnf \ <(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com"))

but getting the following error message on my macbook

cat: /dev/fd/63: No such file or directory

unknown option -reqexts

Any ideas?

Community
  • 1
  • 1
dknaack
  • 60,192
  • 27
  • 155
  • 202
  • As far as I know, the only way to create CSR and Certificates using OpenSSL command line tools with names in the SAN is by using a configuration file. To see how to use a conf file for CSR and Certificates, visit [How to create a self-signed certificate with openssl?](http://stackoverflow.com/a/27931596/608639) – jww Dec 11 '15 at 19:08
  • Iam not an expert in this area but the accepted answer fits my needs. Thanks for your time! – dknaack Dec 11 '15 at 19:10

3 Answers3

2

Your command is probably copy&paste of a multi-line command where backslashes are used to join lines, however you somehow managed to get newlines converted to spaces.

Remove all occurences of "backslash + space".

zakjan
  • 2,391
  • 1
  • 19
  • 29
1

I came across this question and in my case I did not have any \ , but I was using sudo so I had to use sudo su -c

$ sudo su -c 'openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-blah.blah.com.key -new -out /etc/ssl/certs/nginx-blah.blah.com.crt -subj "/O=blah.com/OU=blah/CN=blah.blah.com" -reqexts SAN -extensions SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:blah.blah.com,IP:192.168.174.128")) -sha256'
Rui Lima
  • 7,185
  • 4
  • 31
  • 42
0

In some cases not mounted devpts can lead to the same error print. So needed to do: mount -t devpts devpts /dev/pts

Maxim Uvarov
  • 1