Another quick note today: how to generate a CSR for a basic certificate supported by modern browsers (includes Subject Alternative Name).

Config file

# example.conf
prompt = no
distinguished_name = dn
req_extensions = req_ext

CN =
O = Company Name
L = Lyon
C = FR

subjectAltName = DNS:, IP:

Of course, remember to adjust the settings according to the organization you’re creating the CSR for:

  • [dn] (distinguished name) section
  • subjectAltName line (DNS and IP)

Private key

openssl genrsa -out example.key 4096


openssl req -new -config example.conf -key example.key -out example.csr