Generate SCR SSL Certificate with “Subject Alternative Names”

Introduction

This quick tutorial show how in easy way generate Certificate Signing Request with Subject Alternative Names

How to do it ?

• First we need to have openssl installed, we can download from this site.
• Configuration for CSR

• Generate RSA key file

C:\temp
λ openssl genrsa -out example.com.key 2048
Generating RSA private key, 2048 bit long modulus
...........................................................................................................................+++
......+++
e is 65537 (0x10001)
C:\temp
λ

• Generate CSR

C:\temp
λ openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf

• Now we can verify the CSR

C:\temp
λ openssl req -in example.com.csr -noout -text
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=PL, L=Warsaw, O=Example, OU=EX, CN=example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:be:63:64:0a:67:47:52:2e:1d:51:85:55:35:22:
                    c5:c3:5b:9c:1d:61:70:44:c3:91:21:3a:ba:99:55:
                    66:ae:84:6d:d4:4c:ae:8c:fa:d0:42:98:52:06:5a:
                    62:83:43:bb:e1:20:e9:a9:87:f0:9f:93:39:14:c9:
                    c3:d3:b9:80:7e:c1:eb:26:ef:a6:60:07:49:f7:81:
                    49:5e:bf:bb:17:0d:cd:e8:9f:e9:17:86:e7:fe:16:
                    20:70:c9:4a:1c:6c:55:75:68:98:e6:38:d3:dd:ad:
                    45:38:2d:73:ca:c9:04:b8:4d:9a:c0:88:b2:e2:d6:
                    0d:2a:cb:bb:30:0d:73:23:d1:39:10:5c:77:d0:2b:
                    be:71:c2:47:9e:23:1a:40:2a:56:1d:f9:0e:e0:b4:
                    60:23:69:a3:78:74:0e:ad:8c:e1:21:5d:98:e8:7c:
                    49:f4:f3:2a:12:f5:2e:69:4a:53:e4:41:4a:96:45:
                    94:39:97:69:09:46:f7:26:74:4d:64:28:91:15:22:
                    4e:bb:05:a8:4c:9b:19:d5:3a:9f:b2:96:7a:17:90:
                    44:ea:ee:3e:0e:58:ce:75:90:8c:8b:e1:f9:fd:0e:
                    a2:e8:b6:26:8c:2f:6c:5e:88:a1:52:50:5d:1a:72:
                    a5:63:a7:2f:78:eb:9f:8c:a3:08:f4:70:5b:f5:a1:
                    3d:0d
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Key Usage:
                Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:www.example.com, DNS:example.com
    Signature Algorithm: sha256WithRSAEncryption
         2e:ec:3d:de:03:17:6d:9c:55:70:01:eb:d3:2f:e7:21:5f:ee:
         9b:8b:fb:99:b5:ea:c0:f5:11:1b:2a:54:24:dc:b7:c1:b2:d8:
         1e:d8:7b:30:a7:00:21:96:cd:1c:41:91:82:a8:62:72:b7:f8:
         37:f6:a2:f1:4c:a7:ea:82:c4:e7:10:df:46:6b:14:66:92:a2:
         33:4c:36:6c:e4:ce:43:f6:d5:79:50:a0:22:4f:a0:82:bb:15:
         f4:fd:3b:04:87:87:af:71:a1:b4:d6:4d:01:ff:08:92:3b:0c:
         5a:6b:74:74:d3:6f:bd:c2:d4:3b:54:21:a4:52:e4:10:21:2d:
         2f:e0:6c:3d:ec:66:d4:4f:f4:7b:c3:a9:46:73:8f:b7:81:50:
         75:51:c9:1a:5b:c2:0e:f3:15:91:44:4a:bd:84:e7:55:1b:69:
         79:98:0a:73:af:cb:cb:22:58:24:60:20:94:10:a1:28:0a:5b:
         23:3e:b3:cd:e2:54:d7:f2:9f:d5:51:1e:7b:c2:5c:81:59:e7:
         db:a4:88:9a:b7:ab:81:0e:a1:5e:75:44:46:96:e0:14:cd:73:
         aa:fe:49:0b:80:1e:65:bf:19:d6:09:11:67:89:f2:e7:fa:dd:
         13:52:4e:21:e0:88:4e:dc:a8:12:03:4b:e9:ba:1f:a8:90:eb:
         bd:43:59:c1
C:\temp

What next ?

Now when we have generated CSR we can submit CSR and requesting certificate the process of submitting it is online and often coupled with extra steps depending of certificate provider.