With openssl you can rework an existing CSR, this is useful when it comes time to replace or upgrade existing certificates within your enterprise. It ensures that only the exact details you wish to edit in your final cert are touched, and the rest of the settings get imported from the original request.
In the example below we take the existing CSR in the file /tmp/csr1 and additionally add rsa key size 4096, was 1024 and we extend the validity to 1060 days.
Break down of command line arguments
Argument: -in /tmp/example.csr
Description: The CSR (Certificate Server Request) file path, this certificate request file is loaded and reworked in our example.
Argument: -newkey: rsa:4096
Description: Specifying an RSA key of 4096 bits
Argument: -new
Description: This simply instructs openssl that we want to generate a new CSR
Argument: -days 1068
Description: Choose that new certificate to have a 3 year lifetime.
Argument: -text
Description: Specifies text formatting
Argument: -out /tmp/subca.csr
Description: Specifies the file to write out the regenerated CSR to.
Example of the commands in the shell
openssl req -in /tmp/csr1 -newkey rsa:4096 -new -days 1068 -text -out /tmp/subca.csr
This process creates a new CSR in the file /tmp/subca.csr
