Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Open SSL SAN
# Generate Private Key
$ openssl genrsa -out server.key 2048
# Generate CSR
$ openssl req -new -out server.csr -key server.key -config openssl.cnf
# => Fill in info
# Check CSR
$ openssl req -text -noout -in server.csr
# Sign Cert
$ openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt -extensions v3_req -extfile openssl.cnf
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = UK
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Wales
localityName = Locality Name (eg, city)
localityName_default = Cardiff
organizationName = Organization Name (eg, company)
organizationName_default = Example UK
commonName = Common Name (eg, YOUR name)
commonName_default = one.test.app.example.net
commonName_max = 64
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = two.test.app.example.net
DNS.2 = exampleapp.com
@garethrees

This comment has been minimized.

Copy link
Owner Author

@garethrees garethrees commented Apr 29, 2013

Default openssl.cnf on OS X:

/System/Library/OpenSSL/openssl.cnf
@necrose99

This comment has been minimized.

Copy link

@necrose99 necrose99 commented Feb 16, 2016

:-) good template to have .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.