Generate CSR for multiple domain names
Generate CSR for multiple domain names

Generate CSR for multiple domain names

Here is a simple tip to generate a CSR containing SAN (Subject Alternative Names) with OpenSSL in two line. The first step is to generate the private key:
openssl genrsa -out your_private.key 4096

Subject Alternative Names (Wikipedia)
subjectAltName (SAN) is an extension to X.509 that allows various values to be associated with a security certificate. These values are called “Subject Alternative Names”, or SANs. Names include:

  • e-mail addresses
  • IP addresses
  • URIs
  • DNS names (This is usually also provided as the Common Name RDN within the Subject field of the main certificate.)
  • directory names (alternative Distinguished Names to that given in the Subject)
  • other names, given as a General Name: an registered Object identifier followed by a value


The second line is also quite simple:
openssl req -new -sha256 -key your_private.key -subj “/C=FR/ST=AI/O=MyCompany/CN=your.first.domainname” -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf “[SAN]\nsubjectAltName=DNS:your.first.domainname,DNS:your.second.domainname”)) -out request_file.csr

For information, you can get one certificate with up to 5 hostnames from StartSSL (and for free).




My Powershell script categories

Generate CSR for multiple domain names

Leave a Reply

Your email address will not be published. Required fields are marked *