I was hoping someone here could advise me with a NetSUS query?
I'm trying to generate a CSR to get our cert renewed. However, using the web interface it only generates a 2048-bit file, and we need a 4096-bit. I also noted that it only uses the servers CN as well, and given the recent changes to how Chrome is ceasing support of CN certs, I also need to add some SANs to the request, and I can't see a way to add them using the web interface.
Its the VM appliance version of NetSUS, running on Ubuntu 14.04. Is there a way this can be customised, or done via a command line to generate a CSR that meets our requirements?
Adding SAN entries with the openssl command line is a pig. Download the free Java app XCA which acts as a front-end for openssl. This makes it much easier to both generate CSR and certs with additional settings like SAN entries.
See [https://sourceforge.net/projects/xca/](link https://sourceforge.net/projects/xca/)
You can also create templates and via that should be able to define common settings like key length.
Note: key length is the length of your private key. This is not related directly to a CSR since you will have created your private key before creating a CSR. Also renewing a cert should renew it against the same original key so if the key is already 4096 bits it should remain 4096 bits.
For what it's worth Apple's KeyChain Access utility is incapable of doing SAN entries.