This FAQ shows how to create a Certificate Signing Request (CSR) file with SAN values on the webserver using OpenSSL.

How to create CSR with SAN values using OpenSSL?
Category: Technical Information

To create a CSR with SAN values (an X.509 v3 extension), first create a configuration file with the required certificate details. Then execute the following command with OpenSSL.

openssl req -newkey rsa:2048 -nodes -keyout pvtkey.cer -config config.cnf -out csr.txt -utf8

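It will create a private key (pvtkey.cer) and a CSR file (csr.txt). Because of the -nodes option the private key is written unencrypted, so restrict access to that file.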

Sample Configuration file (config.cnf)


[req]
prompt = no
distinguished_name = dn
req_extensions = ext

[dn]
CN = 192.168.2.23
O = Abc Corporation
L = Sydney
ST = New South Wales
C = AU

[ext]
subjectAltName = @alt_names

[alt_names]
IP.1 = 192.168.2.23
IP.2 = 10.12.4.122
DNS.1 = 192.168.2.23
DNS.2 = 10.12.4.122
DNS.3 = sms.abc.local
DNS.4 = localhost


It will generate a CSR with CN=192.168.2.23 and 3 SAN values: 10.12.4.122, sms.abc.local and localhost.

Note that when an IP address appears in the CN or SAN, its value must be listed under both the IP and the DNS entries. For other values (URL, server name, etc.) only the DNS entry is required.
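To confirm that the CSR really carries the SAN entries before it is sent to the CA, the request can be decoded and checked. The script below is an added example, not part of the original FAQ: it reuses the command, file names and sample configuration values above, and the function names make_csr, csr_sans and check_csr are hypothetical helpers.

```shell
# Added example (not from the original FAQ). File names and values follow the FAQ.

# make_csr DIR: write config.cnf into DIR, then create pvtkey.cer and csr.txt there.
make_csr() {
    (
        umask 077            # -nodes leaves the key unencrypted: keep it owner-only
        cd "$1" || exit 1
        cat > config.cnf <<'EOF' || exit 1
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = 192.168.2.23
O = Abc Corporation
L = Sydney
ST = New South Wales
C = AU
[ext]
subjectAltName = @alt_names
[alt_names]
IP.1 = 192.168.2.23
IP.2 = 10.12.4.122
DNS.1 = 192.168.2.23
DNS.2 = 10.12.4.122
DNS.3 = sms.abc.local
DNS.4 = localhost
EOF
        openssl req -newkey rsa:2048 -nodes -keyout pvtkey.cer \
            -config config.cnf -out csr.txt -utf8 2>/dev/null
    )
}

# csr_sans FILE: print the CSR's SAN entries one per line, as TYPE:value.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//; s/ *$//; s/^IP Address:/IP:/'
}

# check_csr FILE WANT...: succeed only if every expected TYPE:value is in the CSR.
check_csr() {
    csr=$1; shift
    sans=$(csr_sans "$csr")
    for want in "$@"; do
        printf '%s\n' "$sans" | grep -qxF -e "$want" ||
            { echo "missing SAN: $want" >&2; return 1; }
    done
}
```

A missing entry usually means req_extensions does not point at the section that holds subjectAltName, in which case OpenSSL still produces a CSR but without the extension.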
