Step 1 - Create a req.conf file and fill it with the following: [req] distinguished_name = req_distinguished_name x509_extensions = v3_req prompt = no [req_distinguished_name] C = US ST = VA L = SomeCity O = MyCompany OU = MyDivision CN = www.company.com [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = www.company.net DNS.2 = company.com DNS.3 = company.net Step 2 - Generate a key $ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 $ openssl rsa -passin pass:x -in server.pass.key -out server.key writing RSA key $ rm server.pass.key Step 3 - Generate the CSR openssl req -x509 -nodes -days 730 -newkey rsa:2048 -key server.key -out server.csr -config req.conf