There is no support for adding the -ou parameter to set the organizational unit when creating the CSR. However, you can generate the .csr file with the ou information included as follows:
-
Copy the openssl template from C:\Program Files (x86)\j5\framework\packages\j5\Setup\templates\openssl.cnf.jinja2 and paste it somewhere convenient as openssl.cnf.
-
Open openssl.cnf with a text editor, search for {{ FQDN }}, which is located under [alt_names], and replace it with your server Fully Qualified Domain Name (FQDN).
For example, j5ServerHostName.FullyQualifiedDomainName.com. Additionally, you can list all your j5 Server Aliases and IP addresses in the following format:
[alt_names]
DNS.1 = j5ServerHostName.FullyQualifiedDomainName.com
DNS.2 = j5ServerHostName
DNS.3 = localhost
IP.1 = 11.222.333.1
IP.2 = 11.222.333.2
-
Run openssl with the parameters given below, where everything in the <> brackets need to be replaced with the correct values:
"C:\Program Files (x86)\j5\framework\apache2\bin\openssl" req -new -newkey rsa:4096 -nodes -sha256 -keyout <path_to_your_j5-prod.key> -config <path_to_your_openssl.cnf> -extensions v3_req -subj "/C=<country>/ST=<state>/L=<location>/O=<Organization>/OU=<Organizational Unit>/CN=<j5ServerHostName.FullyQualifiedDomainName.com>" -days 365 -out <path_to_your_j5-prod.csr>