Create Certificate Signing Request with Multiple Subject Alternative Names
Tuesday, February 8, 2022
by Ramses Soto-Navarro ramses@sotosystems.com, 2/8/2022
Overview
A brief guide to creating a certificate signing request (CSR) with multiple subject alternative names.
Create CNF
Create an OpenSSL configuration file:
# mkdir /etc/ssl/mycerts && cd /etc/ssl/mycerts
# vi example.com.cnf

[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
# output_password is not used when the key is written with -nodes
output_password = mypass

[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Florida
localityName = Example County
organizationName = Example Corporation
organizationalUnitName = IT Department
commonName = example.com
emailAddress = admin@example.com

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth,serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.example.com
DNS.2 = example.com
Create CSR
Create the certificate signing request:
# openssl req -out example.com.csr -newkey rsa:2048 -nodes -keyout example.com.priv.key -config example.com.cnf
Verify CSR
Verify that the CSR has the correct subject alternative names:
# openssl req -noout -text -in example.com.csr | grep DNS
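Added example (not part of the original post): a scripted version of the check above that fails when the CSR is missing an expected name or carries an extra one, instead of relying on reading the grep output. The function names csr_sans and check_sans are hypothetical, and the sample text is constructed to match the layout of `openssl req -noout -text`.

```shell
#!/bin/sh
# Compare the DNS subject alternative names in a CSR against an expected list.
# Both functions read the text output of `openssl req -noout -text` on stdin.

# csr_sans: print the DNS SAN entries, one per line, sorted and de-duplicated.
csr_sans() {
    # The SAN values are on the line that follows the extension header.
    awk '/X509v3 Subject Alternative Name/ { if ((getline line) > 0) print line }' |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        LC_ALL=C sort -u
}

# check_sans NAME...: succeed only if the CSR carries exactly these DNS names.
check_sans() {
    want=$(printf '%s\n' "$@" | LC_ALL=C sort -u)
    have=$(csr_sans)
    if [ "$want" = "$have" ]; then
        return 0
    fi
    echo "SAN mismatch" >&2
    echo "expected: $(echo "$want" | tr '\n' ' ')" >&2
    echo "found:    $(echo "$have" | tr '\n' ' ')" >&2
    return 1
}

# Constructed sample of the relevant part of the CSR text output.
SAMPLE_CSR_TEXT='        Requested Extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:*.example.com, DNS:example.com'

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_CSR_TEXT" | check_sans '*.example.com' example.com &&
    echo "SANs OK"

# Against the real CSR created above:
#   openssl req -noout -text -in example.com.csr | check_sans '*.example.com' example.com
```

Quote the wildcard entry on the command line so the shell does not expand it.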
The End.