SecureNT Intranet SSL

SSL/TLS Certificates for Internal Networks.

How to create CSR with SAN values using OpenSSL ?

For creating CSR with SAN values (X.509 v3 Extension) it’s important to create a configuration file with the required certificate details. Execute following command in openssl.

openssl req -newkey rsa:2048 -nodes -keyout pvtkey.cer -config config.cnf -out csr.txt -utf8

It will create a Private key (pvtkey.cer) and CSR file (csr.txt).

Sample Configuration file (config.cnf)

[req]
prompt = no
distinguished_name = dn
req_extensions = ext

[dn]
CN = 192.168.2.23
O = Abc Corporation
L = Sydney
ST = New South Walse
C = AU

[ext]
subjectAltName = @alt_names

[alt_names]
IP.1 = 192.168.2.23
IP.2 = 10.12.4.122
DNS.1 = 192.168.2.23
DNS.2 = 10.12.4.22
DNS.3 = sms.abc.local
DNS.4 = localhost

It will generate CSR with CN=192.168.2.23 and 3 SAN values: 10.12.4.122, sms.abc.local and localhost.

Notice that when IP address is there in CN or SAN, we need to put its value against both IP Address and DNS. For others (URL, Servername etc) only DNS value is required.

Tagged In
Certificate Signing Request CSR DNS IP Address localhost openssl SAN URL X.509 v3 Extension

No Comments Yet.

SecureNT Intranet SSL

SSL/TLS Certificates for Internal Networks.

Copyright © 2024 Secure Network Traffic. All rights reserved. SecureNT is a registered trademark of Secure Network Traffic.

SecureNT
What is it? Why use it? When do I need it? Self-Signed Certificates
attach_money Price Calculator shopping_bag Buy Now experiment Try for Free
install_desktop Installation help FAQs description Support Request
info Our Story call Contact Us storefront Resellers
edit_note Blog