I had the requirement to create a certificate with a subject Alternative Name (additional dns names for the same host). Again it turned out not to be that simple. A extra configuration has to be created and the SubjectAltName can be added in this config for the Signing Request.
We will create a private key file together with a CSR.
SubjectAltName in Certificate Signing Request
#?/bin/sh
cat > my.cnf <<EOF
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
req_extensions = req_ext # The extentions to add to the self signed cert
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = DE
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Upper Corner
localityName = Locality Name (eg, city)
localityName_default = Internet
organizationName = Organization Name (eg, company)
organizationName_default = Krebs Co
commonName = Common Name (eg, YOUR name)
commonName_default = euer.krebsco.de
commonName_max = 64
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = euer.krebsco.de
DNS.2 = euer
EOF
openssl req -new -nodes -out my.csr -config my.cnf
openssl req -noout -text -in my.csr
Comments