Create SAN (Subject Alternative Names) certificate with OpenSSL

Moderator: cah

Post Reply
cah
General of the Army / Fleet Admiral / General of the Air Force
General of the Army / Fleet Admiral / General of the Air Force
Posts: 1342
Joined: Sun Aug 17, 2008 5:05 am

Create SAN (Subject Alternative Names) certificate with OpenSSL

Post by cah »

Create a file named san.cnf with the following information:

Code: Select all

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
stateOrProvinceName         = State or Province Name (full name)
localityName               = Locality Name (eg, city)
organizationName           = Organization Name (eg, company)
commonName                 = Common Name (e.g. server FQDN or YOUR name)
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1   = bestflare.com
DNS.2   = usefulread.com
DNS.3   = chandank.com
Use the following command to generate CSR and key:

Code: Select all

openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf
Use the following command to verify CSR for SAN:

Code: Select all

# openssl req -noout -text -in sslcert.csr | grep DNS
DNS:bestflare.com, DNS:usefulread.com, DNS:chandank.com
CAH, The Great
Top
Post Reply

Return to “Technology / 科技交流”