OpenSSL CSR with Subject Alternative Names
##########################################
:date: 2012-02-07 09:54
:tags: openssl, csr, subjectAltName

I had the requirement to create a certificate with a Subject Alternative Name
(additional DNS names for the same host). Again it turned out not to be that
simple. An extra configuration has to be created and the SubjectAltName can be
added in this config for the Signing Request.

We will create a private key file together with a CSR.

SubjectAltName in Certificate Signing Request
=============================================


.. code-block:: bash

    #!/bin/sh

    cat > my.cnf <<EOF
    [ req ]
    default_bits        = 2048
    default_keyfile     = privkey.pem
    distinguished_name  = req_distinguished_name
    req_extensions     = req_ext # The extensions to add to the certificate request
    
    [ req_distinguished_name ]
    countryName           = Country Name (2 letter code)
    countryName_default   = DE
    stateOrProvinceName   = State or Province Name (full name)
    stateOrProvinceName_default = Upper Corner
    localityName          = Locality Name (eg, city)
    localityName_default  = Internet
    organizationName          = Organization Name (eg, company)
    organizationName_default  = Krebs Co
    commonName            = Common Name (eg, YOUR name)
    commonName_default    = euer.krebsco.de
    commonName_max        = 64
    
    [ req_ext ]
    subjectAltName          = @alt_names
    
    [alt_names]
    DNS.1   = euer.krebsco.de
    DNS.2   = euer
    EOF

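    # Generate a new key and CSR; -nodes leaves the private key unencrypted
    openssl req -new -nodes -out my.csr -config my.cnf
    # Print the CSR to confirm the Subject Alternative Name entries are present
    openssl req -noout -text -in my.csr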
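
A check to run before sending the CSR to a CA, as an added example that is not part of the original post: it builds the request non-interactively from a reduced copy of the config above and verifies that every expected DNS name is in the subjectAltName extension. The function names, the temporary directory, and the use of ``-batch``, ``-keyout`` and ``umask`` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Write a reduced copy of the post's config and create key + CSR in dir "$1".
# -batch accepts the *_default values instead of prompting.
make_csr() {
    cat > "$1/my.cnf" <<EOF
[ req ]
default_bits        = 2048
distinguished_name  = req_distinguished_name
req_extensions      = req_ext

[ req_distinguished_name ]
commonName          = Common Name
commonName_default  = euer.krebsco.de

[ req_ext ]
subjectAltName      = @alt_names

[ alt_names ]
DNS.1 = euer.krebsco.de
DNS.2 = euer
EOF
    # -nodes writes the key unencrypted, so keep the file owner-only.
    (umask 077 && openssl req -new -nodes -batch -config "$1/my.cnf" \
        -keyout "$1/privkey.pem" -out "$1/my.csr")
}

# Print the DNS names from the CSR's subjectAltName extension, one per line.
csr_dns_sans() {
    openssl req -noout -text -in "$1" |
        awk '/Subject Alternative Name/ { getline; print }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Return 0 only if every expected name ("$2"...) is a DNS SAN in CSR "$1".
csr_has_sans() {
    csr=$1; shift
    names=$(csr_dns_sans "$csr")
    for want in "$@"; do
        printf '%s\n' "$names" | grep -qxF -- "$want" || return 1
    done
}

tmp=$(mktemp -d)
make_csr "$tmp" && csr_has_sans "$tmp/my.csr" euer.krebsco.de euer && echo "SANs present"
rm -rf "$tmp"
```

A missing ``req_extensions`` line in the ``[ req ]`` section produces a CSR without any SAN entries and no error from ``openssl req``, which is the case ``csr_has_sans`` catches.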