Generate certificate request with SAN (needs file.key)

csr.sh

#!/bin/bash

# ./csr.sh [domain] [filename] - generate certificate request (needs file.key)

# set domain and key/csr filename permanently:
DOMAIN="example.com"; FN="example"

# set certificate attributes:
C="AU"; ST="Some-State"; L="City"; O="Internet Widgits Pty Ltd"; OU="Section"

# set openssl options:
#OPTS="-sha256 -newkey rsa:4096"
OPTS="-sha512"

for ((i=0; i < 1; i++)); do [ "$1" ] && { DOMAIN="$1" && shift; }; [ "$1" ] && FN="$1"; done 
[ ! -s "$FN.key" ] && { echo "ERROR: $FN.key not found, exiting"; exit 1; }
[ -s "$FN.csr" ] && { echo "WARNING: $FN.csr already exists, renaming to $FN.$$.csr.bak"; mv "$FN.csr" "$FN.$$.csr.bak"; }

openssl req -new "$OPTS" -nodes -out "$FN.csr" -key "$FN.key" -keyout "$FN.$$.key" -config <(cat <<-_EOF_
[req]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = req_distinguished_name
attributes = req_attributes

[ req_distinguished_name ]
C = $C
ST = $ST
L = $L
O = $O
OU = $OU
CN = www.$DOMAIN
emailAddress = info@$DOMAIN

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $DOMAIN
DNS.2 = www.$DOMAIN
DNS.3 = webmail.$DOMAIN
DNS.4 = ftp.$DOMAIN
DNS.5 = mail.$DOMAIN
DNS.6 = test.$DOMAIN

[ req_attributes ]
_EOF_
) && openssl req -in "$FN.csr" -noout -text -verify