Generate CSR for multiple domain names
Here is a simple tip to generate a CSR containing SANs (Subject Alternative Names) with OpenSSL in two lines. The first step is to generate the private key:
openssl genrsa -out your_private.key 4096
Subject Alternative Names (Wikipedia)
subjectAltName (SAN) is an extension to X.509 that allows various values to be associated with a security certificate. These values are called “Subject Alternative Names”, or SANs. Names include:
- e-mail addresses
- IP addresses
- URIs
- DNS names (This is usually also provided as the Common Name RDN within the Subject field of the main certificate.)
- directory names (alternative Distinguished Names to that given in the Subject)
- other names, given as a General Name: a registered object identifier followed by a value
The second line is also quite simple:
openssl req -new -sha256 -key your_private.key -subj "/C=FR/ST=AI/O=MyCompany/CN=your.first.domainname" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:your.first.domainname,DNS:your.second.domainname")) -out request_file.csr
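A variant of the two commands above that also checks the result, added here as an example and not part of the original post: it writes a small stand-alone config instead of relying on /etc/ssl/openssl.cnf and bash process substitution, then reads the SAN list back out of the CSR. The function names `make_san_csr` and `csr_sans`, the `san.cnf` file name and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example. Function names, san.cnf and the hostnames are placeholders.

# make_san_csr DIR CN BITS NAME...  -> DIR/your_private.key, DIR/request_file.csr
make_san_csr() {
    dir=$1; cn=$2; bits=$3; shift 3
    sans=""
    for name in "$@"; do                 # build "DNS:a,DNS:b,..."
        sans="${sans:+$sans,}DNS:$name"
    done
    # Stand-alone config: same subject and [SAN] section as the one-liner.
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = SAN
prompt = no
[dn]
C = FR
ST = AI
O = MyCompany
CN = $cn
[SAN]
subjectAltName = $sans
EOF
    # umask 077 keeps the private key readable by its owner only.
    ( umask 077; openssl genrsa -out "$dir/your_private.key" "$bits" 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$dir/your_private.key" \
        -config "$dir/san.cnf" -out "$dir/request_file.csr"
}

# csr_sans FILE -> the DNS names actually present in the CSR, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr -d ' ' | tr ',' '\n' | sed 's/^DNS://'
}

workdir=$(mktemp -d)
make_san_csr "$workdir" your.first.domainname 4096 \
    your.first.domainname your.second.domainname
csr_sans "$workdir/request_file.csr"
```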
For information, you can get one certificate with up to 5 hostnames from StartSSL (and for free).