02. How to Create SSL SAN Certificate Using OpenSSL

How to Generate a CSR and Private Key

cat > req.txt <<-EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C  = JP
ST = Tokyo
L  = Shibuya-ku
O  = Example, Inc.
OU = IT
CN = www.example.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
NS.1 = www.example.com
NS.2 = example.com
NS.3 = test.example.com
EOF

openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr -config req.txt

How to Check CSR

openssl req -text -in example.com.csr

Checking certificate extensions

Check SAN(the subject alternative name)

$ echo | openssl s_client -connect redhat.com:443 2>/dev/null | openssl x509 -noout -ext subjectAltName
X509v3 Subject Alternative Name:
    DNS:*.redhat.com, DNS:redhat.com

Check your certificate with Web Tools

Symantec SSL Toolbox https://ssltools.websecurity.symantec.com/checker/
Use these tools to check CSR generation and certificate installation

OpenSSL - How to use OpenSSL from the outside

cmdref.net - Cheat Sheet and Example

Sidebar

02. How to Create SSL SAN Certificate Using OpenSSL

Table of Contents

How to Generate a CSR and Private Key

How to Check CSR

Checking certificate extensions

Check your certificate with Web Tools

cmdref.net - Cheat Sheet and Example

User Tools

Site Tools

Sidebar

02. How to Create SSL SAN Certificate Using OpenSSL

Table of Contents

How to Generate a CSR and Private Key

How to Check CSR

Checking certificate extensions

Check your certificate with Web Tools

Page Tools