openssl req -new -newkey rsa:4096 -keyout key.pem -noenc -out csr.pem -sha512 \
-addext 'subjectAltName = DNS:foo.example.com, DNS:bar.example.com, IP:192.0.2.35' \
-subj '/C=IN/ST=State/L=Location/O=Organization/OU=OrgUnit/CN=foo.example.com/emailAddress=foo@example.com'
This creates a new RSA4096 key in key.pem
and the corresponding CSR in csr.pem
. The CSR can then be verified: