Lnxgeek.org Wiki - Freedom of choice, I choose Freedom

User Tools

Site Tools

You are here: start » howtos » generate_a_certificate_signing_request_with_san
howtos:generate_a_certificate_signing_request_with_san

Make a copy of openssl.cnf: 

cd /var/tmp
mkdir mySSL
cp /usr/share/ssl/openssl.cnf /var/tmp/mySSL/myssl.cnf

Insert SAN names into myssl.cnf. Edit the custom openssl.cnf file (/var/tmp/mySSL/myssl.cnf) and add the following information to the end of the file: 

  
   [ req_ext ]
   subjectAltName    = @alt_names
   
   [ alt_names ]
   DNS.1    = <FQDN>
   DNS.2    = <host.domain1>
   DNS.3    = <host.domain2>
   DNS.4    = <host.domain3>
   ...
   DNS.x    = <host.domainx>

For example: 

  [ req_ext ]
   subjectAltName    = @alt_names
   
   [ alt_names ]
   DNS.1    = www.example.com
   DNS.2    = test.example.com
   DNS.3    = mail.example.com
   DNS.4    = www.example.net

Create the certificate request: 

openssl req -new -nodes -newkey rsa:2048 -config /var/tmp/mySSL/myssl.cnf -reqexts req_ext -keyout /var/tmp/mySSL/www.example.com.key -out /var/tmp/mySSL/www.example.com.csr
howtos/generate_a_certificate_signing_request_with_san.txt · Last modified: d/m/Y H:i by 127.0.0.1