Generate CSR and self SSL/TLS signed certificate with multiple SAN or hostname
If our website helped you then please click on any of the ads on this page to support us. Your support will help us to create more and more useful posts.
Step1: Create a file named sguru.cnf with the following details.
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[req_distinguished_name]
countryName = CA ## Put the country code
stateOrProvinceName = ON ## Put the state or province code
localityName = Toronto ## Put the locality name
organizationName = My Company Inc ##Put the company name
organizationalUnitName = Sales Team ## This is optional
emailAddress = test@example.com ## Email Address. This is optional.
commonName = www.example.com ## Put the common name
[req_ext]
subjectAltName = @alt_names
### You can add more entries as per your requirement.
[alt_names]
DNS.1 = test1.example.com
DNS.2 = test2.example.com
DNS.3 = test3.example.com
Step 2: Execute the following command
openssl req -out yourdomain.csr -newkey rsa:2048 -nodes -keyout yourdomain.key -config sguru.cnf
Step 3: You can see that yourdomain.csr generated successfully.
Step4: Verify that the CSR generated correctly. You can use the following command to test this.
openssl req -in yourdomain.csr -noout -text | grep DNS
Step 5: If you are planning to buy SSL/TLS from vendor like digicert then give them this CSR file.
Step 6: If you are planning to setup a self-signed SSL/TLS certificate then please execute the following command.
openssl x509 -signkey yourdomain.key -in yourdomain.csr -req -days 365 -out yourdomain.crt
Now you can see the certificate file as yourdomain.crt
Above command will create a self-signed certificate with 365 days expiry date. If you want to set a higher expiry time then you can do it.
If our website helped you then please click on any of the ads on this page to support us. Your support will help us to create more and more useful posts.