OpenSSL CSR with Subject Alternative Names
##########################################
:date: 2012-02-07 09:54
:tags: openssl, csr, subjectAltName
I had the requirement to create a certificate with a Subject Alternative Name
(additional DNS names for the same host). Again it turned out not to be that
simple. An extra configuration file has to be created, and the subjectAltName
can be added in this config for the signing request.
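We will create a private key file together with a CSR. Because of ``-nodes``
the key in ``privkey.pem`` is written unencrypted, so keep that file readable
only by its owner.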
SubjectAltName in Certificate Signing Request
=============================================
.. code-block:: bash
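#!/bin/sh
# Generate a new RSA private key (privkey.pem) and a certificate signing
# request (my.csr) that asks for subjectAltName entries, using a small
# OpenSSL config written to my.cnf. The distinguished-name fields are
# prompted for interactively; the *_default values below are the defaults
# offered at each prompt.

# Stop at the first failing command or unset variable, so a failed key/CSR
# generation is not followed by inspecting a stale my.csr.
set -eu

# -nodes below writes the private key without a passphrase: make sure the
# files this script creates are readable by their owner only.
umask 077

# Quoted delimiter: the config is written literally, without shell expansion.
cat > my.cnf <<'EOF'
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
# Section holding the extensions to put into the certificate request
req_extensions = req_ext

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = DE
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Upper Corner
localityName = Locality Name (eg, city)
localityName_default = Internet
organizationName = Organization Name (eg, company)
organizationName_default = Krebs Co
commonName = Common Name (eg, YOUR name)
commonName_default = euer.krebsco.de
commonName_max = 64

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
# List every name the certificate must be valid for, including the one that
# is also used as commonName.
DNS.1 = euer.krebsco.de
# Unqualified short name: only useful with an internal CA, publicly trusted
# CAs do not issue certificates for names like this.
DNS.2 = euer
EOF

# Create the key and the CSR in one step. -nodes = no passphrase on
# privkey.pem, so protect that file with permissions and keep it off shared
# storage.
openssl req -new -nodes -out my.csr -config my.cnf

# Print the request and check that "X509v3 Subject Alternative Name" lists the
# expected DNS entries. The CSR only requests the extension: the signing CA
# decides whether it ends up in the certificate (with "openssl ca" this needs
# copy_extensions in the CA config), so inspect the issued certificate as well.
openssl req -noout -text -in my.csr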