Linux : How to create a SAN SSL certificate request

By | May 29, 2021

This procedure will show you how to create Subject Alternate Name (SAN), or in other words, a certificate request with multiple Common Name (CN) DNS aliases.

It order to do so, we need to create a CSR request template as shown below:

1. Create the certificate request template as followed:

		distinguished_name = req_distinguished_name
		req_extensions = v3_req
		prompt = no
		C = Country Letter Code
		ST = State or Province
		L = City
		O = Company Name Inc.
		OU = Division Name Inc.
		CN = CommonName.Domain.TLD
		keyUsage = keyEncipherment, dataEncipherment
		extendedKeyUsage = serverAuth
		subjectAltName = @alt_names
		DNS.1 = AlternateHostName1.Domain.TLD
		DNS.2 = AlternateHostName2.Domain.TLD

Note: Edit all fields between [req_distinguished_name] and [v3_req] and then under [alt_names], edit “DNS.x” based on your situation. You may delete or append as many DNS.x field as you need based on the alternate name you need. Name the file as “san.cnf”.

2. Generate the certificate request (CSR) based on your SAN template:

openssl req -new -out hostname.domain.tld.csr -newkey rsa:2048 -nodes -sha256 -keyout hostname.domain.tld.key -config san.cnf

3. Validate your CSR:

openssl req -text -noout -verify -in hostname.domain.tld.csr

4. If all information are correct, you may now carry on with submitting the CSR to the Certificate Authority (CA).