@lrivallain
Created July 9, 2020 15:29
This script produces an SSL certificate signing request (CSR) whose subjectAltName extension covers several alternative host names.
#!/bin/bash
#==============================================================================
#title : create_certs_requests.sh
#description : This script produces an SSL certificate signing request with a subjectAltName covering several alternative host names.
#author : lrivallain
#date : 20200101
#version : 1.0
#usage : bash create_certs_requests.sh PRIMARY_FQDN [SECONDARY_DNS] [...]
#notes : requires: openssl
#==============================================================================
# usage
if [ $# -lt 1 ]; then
    echo "This script produces an SSL certificate signing request with a subjectAltName covering several alternative host names.
Usage:
  $0 publicdomain_hostname appliance_1_hostname appliance_2_hostname..." >&2
    exit 1
fi
# prepare folder
#mkdir -p ./certs
#cd ./certs
# configure colors
highlight_color="\e[32m"
default_color="\e[39m"
# Ask for details about certificate
read -s -p "Enter Passphrase : " key_passphrase
echo ""
# openssl would happily "encrypt" the key with an empty passphrase, which is
# the same as no protection at all, so refuse it up front.
if [ -z "$key_passphrase" ]; then
    echo "Refusing to continue with an empty passphrase: the private key would be left unprotected." >&2
    exit 1
fi
read -p "Enter countryName : " country
read -p "Enter stateName : " state
read -p "Enter localityName : " locality
read -p "Enter organizationName : " organization
read -p "Enter organizationalUnitName : " organizationalunit
# building the subjectAltNames list (the primary FQDN is repeated as the
# first SAN: clients ignore the commonName when a SAN list is present)
first_domain="$1"
subjectAltNames="DNS:$first_domain"
shift
for altname in "$@"; do
    echo "$altname"
    subjectAltNames="$subjectAltNames, DNS:$altname"
done
# braces are required here: $highlight_colorsubjectAltName would be read as one (empty) variable name
echo -e "Result of building the subjectAltNames list: ${highlight_color}subjectAltName = $subjectAltNames${default_color}"
# Create the certificate configuration file.
# The passphrase is deliberately NOT written into this file: it is handed to
# openssl through the environment (-passout env:) so it never touches the disk
# and no clean-up of the .cfg file is needed afterwards.
echo "[ req ]
distinguished_name = req_distinguished_name
encrypt_key = yes
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = $subjectAltNames
[ req_distinguished_name ]
countryName = $country
stateOrProvinceName = $state
localityName = $locality
0.organizationName = $organization
organizationalUnitName = $organizationalunit
commonName = $first_domain
" > "$first_domain.cfg"
# create certificate signing request and passphrase-protected key file.
# No -nodes here: -nodes (or encrypt_key = no) would write the key in clear
# and silently ignore the passphrase entered above.
if ! KEY_PASSPHRASE="$key_passphrase" openssl req -new -sha256 \
    -newkey rsa:2048 -keyout "$first_domain.key" \
    -out "$first_domain.csr" -passout env:KEY_PASSPHRASE \
    -config "$first_domain.cfg" > /dev/null; then
    echo "openssl req failed, see the error above" >&2
    exit 1
fi
# print files names
echo -e "Certificate signing request configuration : $highlight_color$first_domain.cfg$default_color"
echo -e "Certificate signing request : $highlight_color$first_domain.csr$default_color"
echo -e "Certificate key file : $highlight_color$first_domain.key$default_color"
# print relevant files to continue
echo "
_______________________________________________________
"
read -p "Press ENTER to display the certificate signing request..."
echo "
"
cat "$first_domain.csr"
echo "
_______________________________________________________
"
# The (encrypted) private key is printed so it can be pasted into the product;
# clear the terminal scrollback afterwards if the session is shared or recorded.
read -p "Press ENTER to display the certificate key file..."
echo "
"
cat "$first_domain.key"
echo "
_______________________________________________________
What to do next?
1. Request signing from your Certification Authority by submitting
   the above certificate signing request.
2. Concatenate the CA root + CA intermediate + the signed certificate
   in $first_domain.cachain.crt (check the order your product expects:
   most web servers want the signed certificate first, then the
   intermediate, then the root)
3. Install the $first_domain.cachain.crt file content together with the
   $first_domain.key private key to your product
   (you'll be prompted for the passphrase you previously entered)
_______________________________________________________
"
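Before the CSR goes to the CA it is worth checking three things the script itself never verifies: that the CSR really carries every host name you passed in (a CA signs what is in the request, not what you typed), that the CSR's public key belongs to the private key on disk, and that the key file is actually encrypted. The checks below are an added example, not part of lrivallain's gist; they assume `openssl` is on PATH, the `NAME.csr` / `NAME.key` naming used by the script, and that the key passphrase is exported as `KEY_PASSPHRASE` (a variable name chosen for this example). `make_sample_csr` builds a throwaway key and CSR with a constructed config so the checks can be exercised offline.

```shell
#!/bin/bash
# Added example (not from the gist): sanity checks for a CSR and its key.
# Assumes openssl on PATH and the passphrase in the KEY_PASSPHRASE env var.

# Print the DNS names the CSR actually requests in its SAN extension, one per line.
csr_san_list() {
    openssl req -in "$1" -noout -text \
        | grep -o 'DNS:[^,[:space:]]*' \
        | sed 's/^DNS://'
}

# Return 0 only if every expected host name is present in the CSR's SAN list.
# Usage: csr_has_sans CSR host1 host2 ...
csr_has_sans() {
    local csr="$1"; shift
    local sans name
    sans="$(csr_san_list "$csr")"
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -qxF -- "$name" || return 1
    done
}

# Return 0 if the public key embedded in the CSR equals the public half of the
# private key (a mismatch is otherwise only discovered when installing the
# signed certificate). The key is decrypted with $KEY_PASSPHRASE.
csr_matches_key() {
    local csr="$1" key="$2"
    local csr_pub key_pub
    csr_pub="$(openssl req -in "$csr" -noout -pubkey)"
    key_pub="$(openssl pkey -in "$key" -passin env:KEY_PASSPHRASE -pubout)"
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Return 0 if the PEM key file is encrypted (PKCS#8 "ENCRYPTED PRIVATE KEY"
# header or the legacy "Proc-Type: 4,ENCRYPTED" header); 1 if it is in clear.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Constructed sample input: build a throwaway key + CSR in directory $1 for
# host names $2..., using the same config layout as the script above.
make_sample_csr() {
    local dir="$1"; shift
    local first="$1" sans="DNS:$1"; shift
    local n
    for n in "$@"; do sans="$sans,DNS:$n"; done
    cat > "$dir/$first.cfg" <<EOF
[ req ]
distinguished_name = req_distinguished_name
prompt = no
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:false
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = $sans
[ req_distinguished_name ]
commonName = $first
EOF
    openssl req -new -sha256 -newkey rsa:2048 -config "$dir/$first.cfg" \
        -keyout "$dir/$first.key" -out "$dir/$first.csr" \
        -passout env:KEY_PASSPHRASE > /dev/null 2>&1
}

# Stand-alone usage: KEY_PASSPHRASE=... ./verify_csr.sh NAME.csr NAME.key host1 host2 ...
if [ "$#" -ge 3 ]; then
    csr="$1" key="$2"; shift 2
    csr_has_sans "$csr" "$@" && echo "SAN list covers: $*" || echo "WARNING: SAN list is missing one of: $*"
    csr_matches_key "$csr" "$key" && echo "CSR public key matches $key" || echo "WARNING: CSR does not match $key"
    key_is_encrypted "$key" && echo "$key is encrypted" || echo "WARNING: $key is NOT encrypted"
fi
```

`csr_san_list` is the one to eyeball by hand as well: it shows exactly what a CA will put into the certificate, so a typo in a host name on the command line is caught here rather than after the certificate has been issued.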