Create SSL certificates with Subject Alternative Names extensions

README.md

Creating SSL Certificates - SAN Extensions

** Replace $(...) with information of yours.

First create the san.conf

[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt = no

[ req_distinguished_name ]
countryName                = BR
stateOrProvinceName        = SP
localityName               = Araraquara
organizationName           = Red Hat, Inc
commonName                 = $(FQDN)

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1   = $(DNS1)
DNS.2   = $(DNS2)

Creating private key

openssl genrsa -out rootCA.key 2048

Creating root CA pem

openssl req -batch -new -x509 -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

Creating CSR

openssl req -newkey rsa:4096 -nodes -sha256 -days 3650 -keyout $(DOMAIN).key -out $(DOMAIN).csr -config san.cnf

Creating SAN SSL Certificate

openssl x509 -req -in $(DOMAIN).csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out $(DOMAIN).crt -days 500 -sha256 -extfile san.cnf -extensions req_ext

Check your recently create certificate SANs

openssl x509 -in $(DNS).crt  -text -noout

Check your CSR file SANS

openssl req -text -noout -in $(DNS).csr