All HowTo's Cybersecurity

Generate a CSR With Alt Names Using OpenSSL

This article demonstrates how to generate a CSR (certificate signing request) using OpenSSL. In the examples below, change the bold text to be correct for you.

Generate the key file:

openssl genrsa -out example.key 2048 && chmod 0600 example.key

Create the config file as “/etc/httpd/example.csr.conf:

[ req ]
default_bits       = 2048
default_keyfile    = example.key
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName                 = AU
countryName_default         = AU
stateOrProvinceName         = SA
stateOrProvinceName_default = SA
localityName                = Adelaide
localityName_default        = Adelaide
organizationName            = ExampleCo
organizationName_default    = ExampleCo
commonName                  = www.example.com
commonName_max              = 64

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1   = www.example.com
DNS.2   = www

Generate the CSR file:

openssl req -new -nodes -sha256 -config /etc/httpd/example.csr.conf -out example.csr

Output that file:

cat example.csr

Most of what you see here came from “https://www.lisenet.com/2015/create-a-subject-alternative-name-san-csr-with-openssl/”.

Leave a Reply

Your email address will not be published. Required fields are marked *