Create SAN TLS/SSL Cert

calendar2020-06-07 · 1 min read · sslcert tlscert san  ·
Share on: linkedincopy
  1. Create san.conf
 1[ req ]
 2default_bits = 4096
 3prompt = no
 4encrypt_key = no
 5default_md = sha256
 6distinguished_name = dn
 7req_extensions = req_ext
 8  
 9[ dn ]
10CN = example.org
11emailAddress = webmaster@example.org
12O = Example Memorial Hospital
13OU = Example Memorial Hospital
14L = Chicago
15ST = Illinois
16C = US
17  
18[ req_ext ]
19subjectAltName = DNS: example.org, DNS: www.example.org

NOTE: Do not leave out OU. Otherwise, you will see the error below. Copy the value of O if you don't have OU

1problems making Certificate Request
2139909090453160:error:0D07A098:asn1 encoding routines:ASN1_mbstring_ncopy:string too short:a_mbstr.c:147:minsize=1
  1. Generate
1icasimpan@example:~$ openssl req -new -config san.conf -keyout example.org.key -out san.example.org.csr
2Generating a 4096 bit RSA private key
3...........++
4...................................................................................................................++
5writing new private key to 'example.org.key'
  1. Verify if correct information are there. One verifier is https://www.sslshopper.com/csr-decoder.html

More details in https://ethitter.com/2016/05/generating-a-csr-with-san-at-the-command-line/