Gab’s Notes

My take on tech-related subjects (but not only).

Create a CSR with SAN

Published on · 1 min read
CertificatesOpenSSLQuick NoteTLS

Another quick note today: how to generate a CSR for a basic certificate supported by modern browsers (includes Subject Alternative Name).

Config file

# example.conf
[req]
prompt = no
distinguished_name = dn
req_extensions = req_ext

[dn]
CN = example.com
O = Company Name
L = Lyon
C = FR

[req_ext]
subjectAltName = DNS: example.com, IP: 192.168.1.1

Of course, remember to adjust the settings according to the organization you're creating the CSR for:

  • [dn] (distinguished name) section
  • subjectAltName line (DNS and IP)

Private key

openssl genrsa -out example.key 4096

CSR

openssl req -new -config example.conf -key example.key -out example.csr

You might also like