I had the requirement to create a certificate with a subject Alternative Name (additional dns names for the same host). Again it turned out not to be that simple. A extra configuration has to be created and the SubjectAltName can be added in this config for the Signing Request.
We will create a private key file together with a CSR.
SubjectAltName in Certificate Signing Request
#?/bin/sh cat > my.cnf <<EOF [ req ] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name req_extensions = req_ext # The extentions to add to the self signed cert [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = DE stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = Upper Corner localityName = Locality Name (eg, city) localityName_default = Internet organizationName = Organization Name (eg, company) organizationName_default = Krebs Co commonName = Common Name (eg, YOUR name) commonName_default = euer.krebsco.de commonName_max = 64 [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = euer.krebsco.de DNS.2 = euer EOF openssl req -new -nodes -out my.csr -config my.cnf openssl req -noout -text -in my.csr