This procedure shows how to create a certificate signing request (CSR) with Subject Alternative Name (SAN) entries, in other words, a certificate request with multiple Common Name (CN) DNS aliases.
In order to do so, we need to create a CSR template as shown below:
1. Create the certificate request template as follows:
    [req]
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    prompt = no

    [req_distinguished_name]
    C = Country Letter Code
    ST = State or Province
    L = City
    O = Company Name Inc.
    OU = Division Name Inc.
    CN = CommonName.Domain.TLD

    [v3_req]
    keyUsage = keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = AlternateHostName1.Domain.TLD
    DNS.2 = AlternateHostName2.Domain.TLD
Note: Edit all fields between [req_distinguished_name] and [v3_req], and then, under [alt_names], edit the “DNS.x” entries to match your situation. You may delete or append as many DNS.x fields as you need, one per alternate name. Name the file “san.cnf”.
2. Generate the certificate request (CSR) based on your SAN template:
openssl req -new -out hostname.domain.tld.csr -newkey rsa:2048 -nodes -sha256 -keyout hostname.domain.tld.key -config san.cnf
3. Validate your CSR:
openssl req -text -noout -verify -in hostname.domain.tld.csr
4. If all the information is correct, you may now submit the CSR to the Certificate Authority (CA).
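
A scripted version of the check in step 3, as an added example that is not part of the original procedure: it builds two CSRs with the step 2 command and tests whether each CN also appears in the SAN list, which matters because current browsers match hostnames against SAN entries only. The helper names (make_csr, csr_sans, csr_cn, cn_in_san) and the example.com hostnames are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example; hostnames are constructed placeholders under example.com.
workdir=$(mktemp -d)

# make_csr NAME CN SAN...  writes $workdir/NAME.cnf, .key and .csr
make_csr() {
  name=$1; cn=$2; shift 2
  {
    printf '[req]\ndistinguished_name = req_distinguished_name\n'
    printf 'req_extensions = v3_req\nprompt = no\n'
    printf '[req_distinguished_name]\nC = US\nO = Example Inc.\nCN = %s\n' "$cn"
    printf '[v3_req]\nkeyUsage = keyEncipherment, dataEncipherment\n'
    printf 'extendedKeyUsage = serverAuth\nsubjectAltName = @alt_names\n'
    printf '[alt_names]\n'
    i=1
    for san in "$@"; do printf 'DNS.%d = %s\n' "$i" "$san"; i=$((i + 1)); done
  } > "$workdir/$name.cnf"
  # Same command as step 2 of the procedure.
  openssl req -new -out "$workdir/$name.csr" -newkey rsa:2048 -nodes -sha256 \
    -keyout "$workdir/$name.key" -config "$workdir/$name.cnf" 2>/dev/null
}

# Print the DNS names in the CSR's SAN extension, one per line.
csr_sans() {
  openssl req -in "$1" -noout -text |
    grep -A1 'X509v3 Subject Alternative Name' |
    tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Print the CSR's Common Name.
csr_cn() {
  openssl req -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the CN also appears in the SAN list (case-insensitive).
cn_in_san() {
  csr_sans "$1" | grep -Fxqi -- "$(csr_cn "$1")"
}

make_csr good www.example.com www.example.com api.example.com
make_csr bad  www.example.com alt1.example.com alt2.example.com

for c in good bad; do
  if cn_in_san "$workdir/$c.csr"; then
    echo "$c: CN is covered by the SAN list"
  else
    echo "$c: CN $(csr_cn "$workdir/$c.csr") is missing from the SAN list"
  fi
done
```

The "bad" request mirrors the layout of the template above, where the CN hostname is not repeated under [alt_names]; adding it as a DNS.x entry makes the check pass.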