There is no support for adding the -ou parameter to set the organizational unit when creating the CSR. However, you can generate the .csr file with the ou information included as follows:
-
Copy the openssl template from C:\Program Files\j5\framework\packages\j5\Setup\templates\openssl.cnf.jinja2 and paste it somewhere convenient as openssl.cnf.
-
Open the openssl.cnf file with a text editor.
-
Locate the placeholder text {{ FQDN }} within the [alt_names] section. Remove the curly brackets and replace the placeholder with the Fully Qualified Domain Name (FQDN) for your server.
For example, if your FQDN is j5ServerHostName.FullyQualifiedDomainName.com, the line should look like this:
[alt_names]
DNS.1 = j5ServerHostName.FullyQualifiedDomainName.com
DNS.2 = j5ServerHostName
DNS.3 = j5AccessURL
DNS.4 = localhost
IP.1 = 11.222.333.1
IP.2 = 11.222.333.2
and so on ...
-
You can use the status IP address for your server instead of its FQDN.
-
To find the Fully Qualified Domain Name (FQDN), either:
-
Open your View Advanced System Settings - Your FQDN is the Full device name, or
-
Open your PC properties (This PC) - Your FQDN is the Full computer name.
-
-
Don't modify any other part of the openssl.cnf file.
-
-
Create a random number generator file to securely create CSR using the OpenSSL tool.
-
Run command prompt as administrator.
-
Run this command from within this folder: C:\Users\myuser\Downloads\Certificate
"C:\Program Files\j5\framework\apache2\bin\openssl" rand -out .rnd 4096
-
-
Run openssl with the parameters given below, where everything in the <> brackets need to be replaced with the correct values:
"C:\Program Files\j5\framework\apache2\bin\openssl" req -x509 -new -newkey rsa:4096 -nodes -sha256 -keyout <path_to_your_j5-prod.key> -config <path_to_your_openssl.cnf> -extensions v3_req -subj "/C=<country>/ST=<state>/L=<location>/O=<Organization>/OU=<Organizational Unit>/CN=<j5ServerHostName.FullyQualifiedDomainName.com>" -days 398 -out <path_to_your_j5-prod.csr>