Sign in Subscribe
certificates OpenSSL quick note TLS

Create a CSR with SAN

How to generate a CSR for a basic certificate supported by modern browsers

Gabriel Augendre

1 min read
Create a CSR with SAN
Photo by Kelly Sikkema / Unsplash

Another quick note today: how to generate a CSR for a basic certificate supported by modern browsers (includes Subject Alternative Name).

Config file

# example.conf
[req]
prompt = no
distinguished_name = dn
req_extensions = req_ext

[dn]
CN = example.com
O = Company Name
L = Lyon
C = FR

[req_ext]
subjectAltName = DNS: example.com, IP: 192.168.1.1

Of course, remember to adjust the settings according to the organization you're creating the CSR for:

  • [dn] (distinguished name) section
  • subjectAltName line (DNS and IP)

Private key

openssl genrsa -out example.key 4096

CSR

openssl req -new -config example.conf -key example.key -out example.csr
Reply via email

Sign up for more like this.

Enter your email
Subscribe