howtos:generate_a_certificate_signing_request_with_san
Make a copy of openssl.cnf:
cd /var/tmp mkdir mySSL cp /usr/share/ssl/openssl.cnf /var/tmp/mySSL/myssl.cnf
Insert SAN names into myssl.cnf. Edit the custom openssl.cnf file (/var/tmp/mySSL/myssl.cnf) and add the following information to the end of the file:
[ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = <FQDN> DNS.2 = <host.domain1> DNS.3 = <host.domain2> DNS.4 = <host.domain3> ... DNS.x = <host.domainx>
For example:
[ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = www.example.com DNS.2 = test.example.com DNS.3 = mail.example.com DNS.4 = www.example.net
Create the certificate request:
openssl req -new -nodes -newkey rsa:2048 -config /var/tmp/mySSL/myssl.cnf -reqexts req_ext -keyout /var/tmp/mySSL/www.example.com.key -out /var/tmp/mySSL/www.example.com.csr
howtos/generate_a_certificate_signing_request_with_san.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1