User Tools

Site Tools


howtos:generate_a_certificate_signing_request_with_san
no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


howtos:generate_a_certificate_signing_request_with_san [02/12/2018 21:34] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +Make a copy of openssl.cnf:
  
 +<code>
 +cd /var/tmp
 +mkdir mySSL
 +cp /usr/share/ssl/openssl.cnf /var/tmp/mySSL/myssl.cnf
 +
 +</code>
 +
 +Insert SAN names into myssl.cnf.
 +Edit the custom openssl.cnf file (/var/tmp/mySSL/myssl.cnf) and add the following information to the end of the file:
 +<file>  
 +   [ req_ext ]
 +   subjectAltName    = @alt_names
 +   
 +   [ alt_names ]
 +   DNS.1    = <FQDN>
 +   DNS.2    = <host.domain1>
 +   DNS.3    = <host.domain2>
 +   DNS.4    = <host.domain3>
 +   ...
 +   DNS.x    = <host.domainx>
 +</file>
 +
 +For example:  
 +<file>
 +  [ req_ext ]
 +   subjectAltName    = @alt_names
 +   
 +   [ alt_names ]
 +   DNS.1    = www.example.com
 +   DNS.2    = test.example.com
 +   DNS.3    = mail.example.com
 +   DNS.4    = www.example.net
 +</file>
 +
 +Create the certificate request:
 +
 +<code>
 +openssl req -new -nodes -newkey rsa:2048 -config /var/tmp/mySSL/myssl.cnf -reqexts req_ext -keyout /var/tmp/mySSL/www.example.com.key -out /var/tmp/mySSL/www.example.com.csr
 +</code>
howtos/generate_a_certificate_signing_request_with_san.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1