SLAC CPE Software Engineering Group
Stanford Linear Accelerator Center
System Admin

Creating SSL Certificate

 

 

 

 



The openssl command below generates both a *.key and a *.csr file for requesting a new cert. The *.key file is the private key used to sign the CSR (*.csr); it stays with us, and only the *.csr file is sent to OCIO to get a new cert from the CA. We just have to make sure there's a way to upload the new certs to the proper location on the servers in question (in this case the iDRACs and the Digi Terminal Servers).

 

$ openssl req -nodes -newkey rsa:2048 -sha256 -keyout lcls-dev5-mgt_slac_stanford_edu.key -out lcls-dev5-mgt_slac_stanford_edu.csr -subj "/C=US/ST=CA/L=Menlo Park/O=SLAC National Accelerator Laboratory/OU=Computing Division/CN=lcls-dev5-mgt.slac.stanford.edu/emailAddress=controls-system-admins@slac.stanford.edu"

 

The "-subj" argument takes a slash-delimited string containing all of the information needed to generate the CSR, such as Country (/C), State (/ST), etc. Without this argument you have to enter the information interactively, as seen in my procedure outlined in the document below. The "-nodes" option writes the private key to disk unencrypted, so restrict access to the *.key file.
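
Before the CSR goes to the CA it is worth confirming that it verifies, matches the key on disk, and names the right host. The script below is an added example, not part of the original procedure; check_csr, demo, and host.example.org are names made up for the illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: sanity-check a key/CSR pair
# before the CSR is submitted for signing.

# check_csr KEY CSR EXPECTED_CN: prints "ok", or the first problem and returns 1.
check_csr() {
    local key="$1" csr="$2" want_cn="$3" bits cn

    # -nodes leaves the private key unencrypted, so file mode is its only
    # protection: require that group and other have no permission bits.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "key readable by group/other"; return 1; }

    # The CSR is signed with the private key; check that self-signature.
    # Match the message text so the check does not depend on the exit status.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" ||
        { echo "CSR signature invalid"; return 1; }

    # The public key inside the CSR must be the one derived from KEY.
    [ "$(openssl req -in "$csr" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$key" -pubout | openssl sha256)" ] ||
        { echo "CSR does not match key"; return 1; }

    bits=$(openssl req -in "$csr" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "key too small: $bits"; return 1; }

    cn=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
         sed 's/.*CN=\([^,]*\).*/\1/')
    [ "$cn" = "$want_cn" ] || { echo "CN is '$cn'"; return 1; }
    echo ok
}

# Constructed demo: throwaway pair for a made-up host in a temp directory.
demo() {
    local d; d=$(mktemp -d)
    openssl req -nodes -newkey rsa:2048 -sha256 -keyout "$d/a.key" \
        -out "$d/a.csr" -subj "/C=US/ST=CA/CN=host.example.org" 2>/dev/null
    openssl genrsa -out "$d/b.key" 2048 2>/dev/null   # unrelated key
    chmod 600 "$d/a.key" "$d/b.key"
    check_csr "$d/a.key" "$d/a.csr" host.example.org || true   # prints: ok
    check_csr "$d/b.key" "$d/a.csr" host.example.org || true   # prints: CSR does not match key
    rm -rf "$d"
}
demo
```

For a real request, call check_csr with the actual *.key and *.csr paths and the hostname used in the /CN field.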

 

Here is my document regarding the step-by-step procedure for generating a CSR and acquiring a new cert for MCCELOG:

http://www.slac.stanford.edu/grp/cd/soft/unix/slaconly/OperationsE-LogSSLCertificateRenewal.html

 

 

Common Name: Server

Organizational Name: SLAC National Accelerator Laboratory

Organizational Unit: Computing Division

Locality: Menlo Park

State Name: CA

Country Code: United States

Email: controls-system-admins@slac.stanford.edu

 

 

[root@dev-rhel7 certs]# openssl req -new -days 365 -x509 -nodes -out /etc/pki/tls/certs/localhost.crt -keyout /etc/pki/tls/private/localhost.key
Generating a 2048 bit RSA private key
....................+++
...........+++
writing new private key to '/etc/pki/tls/private/localhost.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:CA
Locality Name (eg, city) [Default City]:Menlo Park
Organization Name (eg, company) [Default Company Ltd]:SLAC
Organizational Unit Name (eg, section) []:AD
Common Name (eg, your name or your server's hostname) []:dev-rhel7
Email Address []:brobeck@slac.stanford.edu



 


 


Created by: Jingchen Zhou, 27-Aug-2003