User Tools

Site Tools


howtos:generate_a_certificate_signing_request_with_san

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

howtos:generate_a_certificate_signing_request_with_san [d/m/Y H:i] (current)
Line 1: Line 1:
 +Make a copy of openssl.cnf:​
  
 +<​code>​
 +cd /var/tmp
 +mkdir mySSL
 +cp /​usr/​share/​ssl/​openssl.cnf /​var/​tmp/​mySSL/​myssl.cnf
 +
 +</​code>​
 +
 +Insert SAN names into myssl.cnf.
 +Edit the custom openssl.cnf file (/​var/​tmp/​mySSL/​myssl.cnf) and add the following information to the end of the file:
 +<​file>  ​
 +   [ req_ext ]
 +   ​subjectAltName ​   = @alt_names
 +   
 +   [ alt_names ]
 +   ​DNS.1 ​   = <​FQDN>​
 +   ​DNS.2 ​   = <​host.domain1>​
 +   ​DNS.3 ​   = <​host.domain2>​
 +   ​DNS.4 ​   = <​host.domain3>​
 +   ...
 +   ​DNS.x ​   = <​host.domainx>​
 +</​file>​
 +
 +For example:  ​
 +<​file>​
 +  [ req_ext ]
 +   ​subjectAltName ​   = @alt_names
 +   
 +   [ alt_names ]
 +   ​DNS.1 ​   = www.example.com
 +   ​DNS.2 ​   = test.example.com
 +   ​DNS.3 ​   = mail.example.com
 +   ​DNS.4 ​   = www.example.net
 +</​file>​
 +
 +Create the certificate request:
 +
 +<​code>​
 +openssl req -new -nodes -newkey rsa:2048 -config /​var/​tmp/​mySSL/​myssl.cnf -reqexts req_ext -keyout /​var/​tmp/​mySSL/​www.example.com.key -out /​var/​tmp/​mySSL/​www.example.com.csr
 +</​code>​
howtos/generate_a_certificate_signing_request_with_san.txt · Last modified: d/m/Y H:i (external edit)