Write CSR with SAN-attributes


distinguished_name = req_distinguished_name
req_extensions = v3_req
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MyProvince
localityName = Locality Name (eg, city)
localityName_default = Mycity
0.organizationName = Organization Name (eg, company)
0.organizationName_default = MyOrganisation
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = MyOrganisationUnit
commonName = Subject Name
commonName_max = 64
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

DNS.1 = san1.domain.com
DNS.2 = san2.domain.com

OpenSSL> req -newkey rsa:2048 -keyout C:\Certs\MyKey.key -out C:\Certs\Request.csr -config C:\Certs\Openssl.cnf

When you get the signed CSR in return follow this article to generate a pfx or p12

This entry was posted in OpenSSL, PKI and tagged , , . Bookmark the permalink.