OpenSSL SAN certificates from the command line

Since modern browsers need the SAN field to be defined in all certificates that websites present (otherwise they shoot an error), we’re offering one method to create a CSR (Certificate Signing Request) and another method to create a self signed certificate, both with just one command line, without having to create special configuration files for OpenSSL and regardless of the package’s version.

Create a CSR with SAN with OpenSSL

openssl req -new -newkey rsa:4096 -nodes -keyout example.key -out example.csr \
   -subj '/C=RO/ST=BU/L=Bucharest/O=MyCompany/CN=example.ro/[email protected]' \
   -config <(echo '[req]'; echo 'distinguished_name=req'; echo 'req_extensions=san';
                   echo '[san]'; echo 'subjectAltName=DNS:example.ro,DNS:www.example.ro')

You can test the result by using the following command

openssl req -in example.csr -noout -text

Create a self signed SAN certificate with OpenSSL

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -extensions san -keyout example.key -out example.crt \
  -subj '/C=RO/ST=BU/L=Bucharest/O=MyCompany/CN=example.ro/[email protected]' \
  -config <(echo '[req]'; echo 'distinguished_name=req';
                  echo '[san]'; echo 'subjectAltName=DNS:example.ro,DNS:www.example.ro')

You can test the result by using the following command

openssl x509 -noout -text -in example.crt