1 files changed, 51 insertions, 0 deletions

diff --git a/content/posts/openssl-csr-with-subject-alternative-names.rst b/content/posts/openssl-csr-with-subject-alternative-names.rst
new file mode 100644
index 0000000..818bf17
--- /dev/null
+++ b/content/posts/openssl-csr-with-subject-alternative-names.rst
@@ -0,0 +1,51 @@
+OpenSSL CSR with Subject Alternative Names
+##########################################
+:date: 2012-02-07 09:54
+:tags: openssl, csr, subjectAltName
+
+I had the requirement to create a certificate with a subject Alternative Name
+(additional dns names for the same host). Again it turned out not to be that
+simple. A extra configuration has to be created and the SubjectAltName can be
+added in this config for the Signing Request. 
+
+We will create a private key file together with a CSR.
+
+SubjectAltName in Certificate Signing Request
+=============================================
+
+
+.. code-block:: bash
+
+    #?/bin/sh
+
+    cat > my.cnf <<EOF
+    [ req ]
+    default_bits        = 2048
+    default_keyfile     = privkey.pem
+    distinguished_name  = req_distinguished_name
+    req_extensions     = req_ext # The extentions to add to the self signed cert
+    
+    [ req_distinguished_name ]
+    countryName           = Country Name (2 letter code)
+    countryName_default   = DE
+    stateOrProvinceName   = State or Province Name (full name)
+    stateOrProvinceName_default = Upper Corner
+    localityName          = Locality Name (eg, city)
+    localityName_default  = Internet
+    organizationName          = Organization Name (eg, company)
+    organizationName_default  = Krebs Co
+    commonName            = Common Name (eg, YOUR name)
+    commonName_default    = euer.krebsco.de
+    commonName_max        = 64
+    
+    [ req_ext ]
+    subjectAltName          = @alt_names
+    
+    [alt_names]
+    DNS.1   = euer.krebsco.de
+    DNS.2   = euer
+    EOF
+
+    openssl req -new -nodes -out my.csr -config my.cnf
+    openssl req -noout -text -in my.csr
+