User Tools

Site Tools


howtos:generate_a_certificate_signing_request_with_san

Make a copy of openssl.cnf:

cd /var/tmp
mkdir mySSL
cp /usr/share/ssl/openssl.cnf /var/tmp/mySSL/myssl.cnf

Insert SAN names into myssl.cnf. Edit the custom openssl.cnf file (/var/tmp/mySSL/myssl.cnf) and add the following information to the end of the file:

  
   [ req_ext ]
   subjectAltName    = @alt_names
   
   [ alt_names ]
   DNS.1    = <FQDN>
   DNS.2    = <host.domain1>
   DNS.3    = <host.domain2>
   DNS.4    = <host.domain3>
   ...
   DNS.x    = <host.domainx>

For example:

  [ req_ext ]
   subjectAltName    = @alt_names
   
   [ alt_names ]
   DNS.1    = www.example.com
   DNS.2    = test.example.com
   DNS.3    = mail.example.com
   DNS.4    = www.example.net

Create the certificate request:

openssl req -new -nodes -newkey rsa:2048 -config /var/tmp/mySSL/myssl.cnf -reqexts req_ext -keyout /var/tmp/mySSL/www.example.com.key -out /var/tmp/mySSL/www.example.com.csr
howtos/generate_a_certificate_signing_request_with_san.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1