Since modern browsers need the SAN (Subject Alternative Name) field to be defined in every certificate a website presents (otherwise they show an error), we offer one method to create a CSR (Certificate Signing Request) and another to create a self-signed certificate. Each is a single command line, needs no special OpenSSL configuration file, and works regardless of the package's version. Both commands pass the configuration through the <( ... ) process substitution, so run them in bash or another shell that supports it.
Create a CSR with SAN with OpenSSL
# admin@example.ro is a placeholder address; -nodes leaves example.key unencrypted, so restrict access to it
openssl req -new -newkey rsa:4096 -nodes -keyout example.key -out example.csr \
  -subj '/C=RO/ST=BU/L=Bucharest/O=MyCompany/CN=example.ro/emailAddress=admin@example.ro' \
  -config <(echo '[req]'; echo 'distinguished_name=req'; echo 'req_extensions=san'; echo '[san]'; echo 'subjectAltName=DNS:example.ro,DNS:www.example.ro')
You can test the result with the following command:
openssl req -in example.csr -noout -text
Create a self-signed SAN certificate with OpenSSL
# admin@example.ro is a placeholder address; -nodes leaves example.key unencrypted, so restrict access to it
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -extensions san -keyout example.key -out example.crt \
  -subj '/C=RO/ST=BU/L=Bucharest/O=MyCompany/CN=example.ro/emailAddress=admin@example.ro' \
  -config <(echo '[req]'; echo 'distinguished_name=req'; echo '[san]'; echo 'subjectAltName=DNS:example.ro,DNS:www.example.ro')
You can test the result with the following command:
openssl x509 -noout -text -in example.crt
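
To check the SAN entries automatically instead of reading the text dump by eye, the following added example (not part of the original page) parses the output of the two test commands above and reports every expected DNS name that is missing. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the extension part of `openssl req -noout -text` output.
sample_text() {
    cat <<'EOF'
        Requested Extensions:
            X509v3 Subject Alternative Name: 
                DNS:example.ro, DNS:www.example.ro
EOF
}

# Read `openssl req|x509 -noout -text` output on stdin and print the DNS
# entries of the subjectAltName extension, one per line.
san_dns_names() {
    awk '
        grab {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] ~ /^DNS:/) print substr(parts[i], 5)
            }
            grab = 0
        }
        /X509v3 Subject Alternative Name:/ { grab = 1 }
    '
}

# Print each expected name that is absent from the SAN list; return 1 if any
# is missing. Names are compared as whole strings, so example.ro is not
# satisfied by www.example.ro or example.rocks.
missing_sans() {
    found=$(san_dns_names)
    rc=0
    for name in "$@"; do
        if ! printf '%s\n' "$found" | grep -qxF -- "$name"; then
            printf '%s\n' "$name"
            rc=1
        fi
    done
    return $rc
}

# Decode FILE as a CSR or a certificate (chosen by its PEM header) and check it.
check_san_file() {
    file=$1; shift
    if grep -q 'CERTIFICATE REQUEST-----' "$file"; then
        openssl req -in "$file" -noout -text
    else
        openssl x509 -in "$file" -noout -text
    fi | missing_sans "$@"
}

# Usage: sh check_san.sh example.csr example.ro www.example.ro
if [ "$#" -ge 2 ]; then
    check_san_file "$@" && echo "all expected SAN entries present"
fi
```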