One certificate can work for multiple subdomains when they are listed as Subject Alternative Names (SANs).

First, create a working copy of the OpenSSL config as openssl-san.cnf:

mkdir test-san && cd test-san
cp /etc/ssl/openssl.cnf ./openssl-san.cnf

Add the following:

# goes in the [ req ] section
req_extensions = v3_req

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

# section referenced by subjectAltName above; one DNS.n line per hostname
[ alt_names ]

DNS.1 =
DNS.2 =
DNS.3 =

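Then create a new key protected with a password. A cipher option such as -aes256 is required: without one, genrsa writes the key unencrypted and ignores -passout.

openssl genrsa -aes256 -passout stdin -out server.key 2048

or, reading the password from a graphical prompt:

ssh-askpass | openssl genrsa -aes256 -passout stdin -out server.key 2048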

Finally, create the CSR file:

openssl req -new -out req.csr -key server.key -config openssl-san.cnf

Check the SANs in the request:

openssl req -text -noout -in req.csr
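
A pre-flight check for the config edited above, as an added example that is not part of the original note: it catches a req_extensions line that is missing or still commented out (the CSR would then carry no SANs), a missing section, and DNS.n entries left blank. The function names and the sample hostname are assumptions, and it assumes the `subjectAltName = @section` layout used here.

```shell
#!/bin/sh
# Added example, not from the original note: pre-flight lint for openssl-san.cnf.
# check_san_cnf FILE -> prints "ok: ..." and returns 0, or "error: ..." and returns 1.
check_san_cnf() {
    awk '
    { sub(/[ \t]*#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }    # drop comments, trim
    /^\[.*\]$/ {                                             # section header
        sec = $0; sub(/^\[[ \t]*/, "", sec); sub(/[ \t]*\]$/, "", sec)
        seen[sec] = 1; next
    }
    /=/ {                                                    # key = value
        key = $0; sub(/[ \t]*=.*/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val)
        if (sec == "req" && key == "req_extensions") ext = val
        if (key == "subjectAltName") san[sec] = val
        if (key ~ /^DNS\.[0-9]+$/) { n[sec]++; if (val == "") blank[sec]++ }
    }
    END {
        if (ext == "") msg = "req_extensions is not set in [ req ]; the CSR would carry no SANs"
        else if (!(ext in seen)) msg = "section [ " ext " ] is missing"
        else if (san[ext] !~ /^@/) msg = "[ " ext " ] has no subjectAltName = @section line"
        else {
            ref = substr(san[ext], 2)
            if (!(ref in seen)) msg = "section [ " ref " ] is missing"
            else if (n[ref] == 0) msg = "[ " ref " ] has no DNS.n entries"
            else if (blank[ref] > 0) msg = "blank DNS.n entries in [ " ref " ]: " blank[ref]
        }
        if (msg != "") { print "error: " msg; exit 1 }
        print "ok: " n[ref] " DNS names in [ " ref " ]"
    }' "$1"
}

# Constructed sample: the fragment from this note with one name filled in
# (www.example.test is a placeholder) and one entry left blank.
demo_blank_entry() {
    tmp=$(mktemp)
    printf '%s\n' '[ req ]' 'req_extensions = v3_req' '[ v3_req ]' \
        'subjectAltName = @alt_names' '[ alt_names ]' \
        'DNS.1 = www.example.test' 'DNS.2 =' > "$tmp"
    rc=0; check_san_cnf "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Lint a real file when one is given: sh check_san.sh openssl-san.cnf
if [ -n "${1:-}" ]; then check_san_cnf "$1"; fi
```

Run it against openssl-san.cnf before `openssl req -new`; the `openssl req -text -noout` check above still confirms what actually went into the CSR.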

