Table of Contents

02. How to Create SSL SAN Certificate Using OpenSSL

02. How to Create SSL SAN Certificate Using OpenSSL

Table of Contents

02. How to Create SSL SAN Certificate Using OpenSSL

Related Pages

How to Generate a CSR and Private Key

cat > req.txt <<-EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C  = JP
ST = Tokyo
L  = Shibuya-ku
O  = Example, Inc.
OU = IT
CN = www.example.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
NS.1 = www.example.com
NS.2 = example.com
NS.3 = test.example.com
EOF

openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr -config req.txt

How to Check CSR

openssl req -text -in example.com.csr

Checking certificate extensions

Check SAN(the subject alternative name)

$ echo | openssl s_client -connect redhat.com:443 2>/dev/null | openssl x509 -noout -ext subjectAltName
X509v3 Subject Alternative Name:
    DNS:*.redhat.com, DNS:redhat.com

Check your certificate with Web Tools

Symantec SSL Toolbox https://ssltools.websecurity.symantec.com/checker/
Use these tools to check CSR generation and certificate installation

OpenSSL - How to use OpenSSL from the outside