diff options
Diffstat (limited to 'content/posts/openssl-csr-with-subject-alternative-names.rst')
-rw-r--r-- | content/posts/openssl-csr-with-subject-alternative-names.rst | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/content/posts/openssl-csr-with-subject-alternative-names.rst b/content/posts/openssl-csr-with-subject-alternative-names.rst new file mode 100644 index 0000000..818bf17 --- /dev/null +++ b/content/posts/openssl-csr-with-subject-alternative-names.rst @@ -0,0 +1,51 @@ +OpenSSL CSR with Subject Alternative Names +########################################## +:date: 2012-02-07 09:54 +:tags: openssl, csr, subjectAltName + +I had the requirement to create a certificate with a subject Alternative Name +(additional dns names for the same host). Again it turned out not to be that +simple. A extra configuration has to be created and the SubjectAltName can be +added in this config for the Signing Request. + +We will create a private key file together with a CSR. + +SubjectAltName in Certificate Signing Request +============================================= + + +.. code-block:: bash + + #?/bin/sh + + cat > my.cnf <<EOF + [ req ] + default_bits = 2048 + default_keyfile = privkey.pem + distinguished_name = req_distinguished_name + req_extensions = req_ext # The extentions to add to the self signed cert + + [ req_distinguished_name ] + countryName = Country Name (2 letter code) + countryName_default = DE + stateOrProvinceName = State or Province Name (full name) + stateOrProvinceName_default = Upper Corner + localityName = Locality Name (eg, city) + localityName_default = Internet + organizationName = Organization Name (eg, company) + organizationName_default = Krebs Co + commonName = Common Name (eg, YOUR name) + commonName_default = euer.krebsco.de + commonName_max = 64 + + [ req_ext ] + subjectAltName = @alt_names + + [alt_names] + DNS.1 = euer.krebsco.de + DNS.2 = euer + EOF + + openssl req -new -nodes -out my.csr -config my.cnf + openssl req -noout -text -in my.csr + |