
Adding subject alternative name to certificate request

This is another note to self. I must have done this 20 or 30 times over the years, but I can never remember exactly how.

The easiest way I've found to add subject alternative names to certificate requests is to add two lines at the end of /etc/ssl/openssl.cnf:

[SAN]
subjectAltName=DNS:example.com,DNS:www.example.com,DNS:mail.example.com

Then, when creating a CSR, simply include -reqexts SAN:

openssl req -out CSR.csr -new -newkey rsa:4096 -nodes -keyout privateKey.key -reqexts SAN

or

openssl req -out CSR.csr -key my-existing-key.example.com.key -new -sha256 -reqexts SAN

It's that simple.
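
An added example, not part of the original post: the same [SAN] section kept in a per-request config file passed with -config rather than appended to /etc/ssl/openssl.cnf, followed by a check that the CSR really carries the requested names before it is submitted. The function names, the req.cnf file name and the 2048-bit demo key are assumptions made for this example.

```shell
#!/bin/sh
# Added example: per-request config instead of editing /etc/ssl/openssl.cnf.
# Function names and the req.cnf file name are assumptions of this example.

# make_san_csr OUTDIR BITS NAME [NAME...]
# Writes req.cnf, privateKey.key and CSR.csr into OUTDIR; first NAME is the CN.
make_san_csr() {
    outdir=$1; bits=$2; shift 2
    san=$(printf 'DNS:%s,' "$@"); san=${san%,}
    printf '%s\n' \
        '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' "CN = $1" \
        '[SAN]' "subjectAltName = $san" > "$outdir/req.cnf"
    # umask keeps the unencrypted (-nodes) key readable by the current user only
    ( umask 077
      openssl req -new -newkey "rsa:$bits" -nodes -sha256 \
          -config "$outdir/req.cnf" -reqexts SAN \
          -keyout "$outdir/privateKey.key" -out "$outdir/CSR.csr" )
}

# csr_sans CSR: print the SAN line the CSR actually contains (empty if none)
csr_sans() {
    openssl req -in "$1" -noout -text |
        awk 'f { gsub(/^[ \t]+|[ \t]+$/, ""); print; f = 0 }
             /Subject Alternative Name/ { f = 1 }'
}

# csr_has_san CSR NAME: succeed only if DNS:NAME is an exact SAN entry
csr_has_san() {
    csr_sans "$1" | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# Demo with constructed names; runs only where openssl is installed
if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d)
    make_san_csr "$demo" 2048 example.com www.example.com mail.example.com
    csr_sans "$demo/CSR.csr"
    for n in example.com www.example.com mail.example.com; do
        csr_has_san "$demo/CSR.csr" "$n" || echo "missing SAN: $n" >&2
    done
    rm -rf "$demo"
fi
```

A CA decides which requested extensions it copies into the issued certificate, so inspect the certificate's subject alternative names as well once it comes back.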

Content on this site is licensed under a Creative Commons Attribution 4.0 International License.