This procedure shows you how to create a certificate signing request (CSR) with a Subject Alternative Name (SAN) extension, in other words a certificate request that covers multiple DNS aliases in addition to the Common Name (CN).
In order to do so, we need to create a CSR template as shown below:
1. Create the certificate request template as follows:
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = Country Letter Code
ST = State or Province
L = City
O = Company Name Inc.
OU = Division Name Inc.
CN = CommonName.Domain.TLD
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = AlternateHostName1.Domain.TLD
DNS.2 = AlternateHostName2.Domain.TLD
Note: Edit all fields between [req_distinguished_name] and [v3_req], and then under [alt_names] edit the “DNS.x” entries based on your situation. You may delete or append as many DNS.x fields as you need, one for each alternate name. Name the file “san.cnf”.
2. Generate the certificate request (CSR) based on your SAN template:
openssl req -new -out hostname.domain.tld.csr -newkey rsa:2048 -nodes -sha256 -keyout hostname.domain.tld.key -config san.cnf
3. Validate your CSR:
openssl req -text -noout -verify -in hostname.domain.tld.csr
4. If all the information is correct, you may now carry on with submitting the CSR to the Certificate Authority (CA).
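
A scripted version of the step 3 check, added here as an example and not part of the original procedure: `csr_sans` lists the DNS names the CSR actually requests, and `csr_missing_sans` reports any expected name that is absent. The function names and the example.com values in `make_demo_csr` are constructed for illustration.

```bash
# Added example: list the DNS names a CSR requests and flag missing ones.

# Print the DNS entries of the CSR's subjectAltName extension, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Print every expected name the CSR lacks; return 1 if any is missing.
csr_missing_sans() {
    local csr=$1 sans name rc=0
    shift
    sans=$(csr_sans "$csr")
    for name in "$@"; do
        # DNS names are case-insensitive; match whole entries only.
        if ! printf '%s\n' "$sans" | grep -qixF -- "$name"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return "$rc"
}

# Build a throwaway CSR in directory $1 from a constructed san.cnf.
make_demo_csr() {
    cat > "$1/san.cnf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
O = Example Inc.
CN = www.example.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.example.com
DNS.2 = api.example.com
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$1/demo.key" -out "$1/demo.csr" \
        -config "$1/san.cnf" 2>/dev/null
}

# Usage: csr_missing_sans hostname.domain.tld.csr CommonName.Domain.TLD AlternateHostName1.Domain.TLD
# Pass the CN as well: clients that match hostnames against the SAN list ignore the CN.
```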