generate Certificate request using OpenSSL for Unified Com devices

The below is the template I use for either a CUCM, VCS-E, Acano, Pexip or Lync certificate request

Create a file “openssl_config.cnf” and add the following:
distinguished_name = req_distinguished_name
req_extensions = v3_req
default_md = sha256
default_keyfile = private_key.pem

organizationName = OrganizationName (Company name)
organizationalUnitName = Organizational Unit Name (IT)
localityName = Locality Name (eg, city)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (FQDN)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40

#Default values for the above
organizationName_default = Network Packet Ltd
organizationalUnitName_default = IT
localityName_default = Edinburgh
stateOrProvinceName_default = Scotland
countryName_default = UK
emailAddress_default =
commonName_default =

#Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @alt_names

DNS.1 =

If your using a Win O/S I assume OpenSSL is installed and its in your system path (Linux/Unix installed by default)

In DOS use the following cmd to generate the .csr
openssl req -out pexip.webrtc.csr -new -newkey rsa:2048 -nodes -keyout pexip.webrtc.csr.key -config openssl_config.cnf

Common OpenSSL cmd:
!To view the certificate request in plain text
openssl req -in pexip.webrtc.csr -noout -text

!Convert a DER file (.crt .cer .der) to PEM
openssl x509 -inform der -in pexip.webrtc.cer -out pexip.webrtc.pem

About Alexis Katsavras

Working as Freelance Cisco Unified Communications Consultant in the UK.