ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    OpenSSL CSR with Subject Alternative Name

    IT Discussion
    openssl how-to san subject alternative name csr pki certificates ssl tls
    2
    5
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • EddieJenningsE
      EddieJennings
      last edited by EddieJennings

      https://geekflare.com/san-ssl-certificate/

      This worked beautifully for me. Chrome 58 gripes about a SAN not being present, and ye ole way I'd use to generate a csr didn't prompt you for any kind of SAN. Granted this won't prompt you, rather you'll simply configure what you want.

      Ye ole way (doesn't produce any kind of SAN) = openssl req -new newcsr.req -newkey rsa:2048 -nodes -keyout newkey.key

      I'm sure there are different ways (and likely better) to achieve this, but the above link worked for me.

      Edited for clarity.

      JaredBuschJ 1 Reply Last reply Reply Quote 1
      • JaredBuschJ
        JaredBusch @EddieJennings
        last edited by

        @EddieJennings said in OpenSSL CSR with Subject Alternative Name:

        https://geekflare.com/san-ssl-certificate/

        This worked beautifully for me. Chrome 58 gripes about a SAN not being present, and ye ole way I'd use to generate a csr didn't prompt you for any kind of SAN. Granted this won't prompt you, rather you'll simply configure what you want.

        Ye ole way = openssl req -new newcsr.req -newkey rsa:2048 -nodes -keyout newkey.key

        I'm sure there are different ways (and likely better) to achieve this, but this worked for me.

        That is not adding a SAN, that is making a new cert with a new private key.

        EddieJenningsE 1 Reply Last reply Reply Quote 1
        • EddieJenningsE
          EddieJennings @JaredBusch
          last edited by

          @JaredBusch Correct. The "ye olde way" is how I've typically made a CSR and private key. The link I included talks about making a configuration file, which allows you to include SAN in your CSR.

          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @EddieJennings
            last edited by

            @EddieJennings said in OpenSSL CSR with Subject Alternative Name:

            @JaredBusch Correct. The "ye olde way" is how I've typically made a CSR and private key. The link I included talks about making a configuration file, which allows you to include SAN in your CSR.

            Ah, did not read the link. Yes, using a config file is the only method to get any SAN on a cert with OpenSSL.

            EddieJenningsE 1 Reply Last reply Reply Quote 0
            • EddieJenningsE
              EddieJennings @JaredBusch
              last edited by

              @JaredBusch said in OpenSSL CSR with Subject Alternative Name:

              @EddieJennings said in OpenSSL CSR with Subject Alternative Name:

              @JaredBusch Correct. The "ye olde way" is how I've typically made a CSR and private key. The link I included talks about making a configuration file, which allows you to include SAN in your CSR.

              Ah, did not read the link. Yes, using a config file is the only method to get any SAN on a cert with OpenSSL.

              And after re-reading my post, I realized how terrible it was :(. I was hoping to find a one liner kind of thing, but alas. That particular article made it clear how to do it.

              1 Reply Last reply Reply Quote 0
              • 1 / 1
              • First post
                Last post