OpenSSL: Creating RSA Key, Certificate Signing Request (CSR) with Subject Alternative Name (SAN)

Handy command to create a .csr and 2048-bit key file

# openssl req -new -sha256 -nodes -out domain.csr -newkey rsa:2048 -keyout domain.key -config <(
cat <<-EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C=AU
ST=New South Wales
L=Sydney
O=Happy Organisation
OU=Creative Services
emailAddress=support@domain.com
CN = domain.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = domain.com
DNS.2 = www.domain.com
DNS.3 = mail.domain.com
EOF
)

# openssl req -new -sha256 -nodes -out domain.csr -newkey rsa:2048 -keyout domain.key -config <(

cat <<-EOF

[req]

default_bits = 2048

prompt = no

default_md = sha256

req_extensions = req_ext

distinguished_name = dn

[ dn ]

C=AU

ST=New South Wales

L=Sydney

O=Happy Organisation

OU=Creative Services

emailAddress=support@domain.com

CN = domain.com

[ req_ext ]

subjectAltName = @alt_names

[ alt_names ]

DNS.1 = domain.com

DNS.2 = www.domain.com

DNS.3 = mail.domain.com

EOF

)

Share this:

Related

Leave a Reply Cancel reply