Description- Login to CyOPs server shell.
- Create a SAN (Subject Alternative Names) config file and add the below configuration:
Note: In the configuration, you need to change the [san_name] section to change/add more names.
[csadmin@cyops-dev ~]$ vi san_csr.cnf
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = Common Name (e.g. server FQDN or YOUR name)
[ req_ext ]
subjectAltName = @san_names
[san_names]
DNS.1 = mydomain.com
DNS.2 = mydomain.net
DNS.3 = www.testdomin.org
- Save the above file and run the openssl command to generate .csr and .key files.
openssl req -out ssl_san.csr -newkey rsa:2048 -nodes -keyout san_private.key -config san_csr.cnf
- Here, you will be prompted to enter information that will be incorporated into your certificate request.
- Please pass your inputs to openssl.
- After the successful execution, the above command will create "ssl_san.csr" and "san_private.key" files.
- You should now send the "ssl_san.csr" file to certificate signer authority to get CA signed SAN SSL certificate.
To Verify the SAN names from the generated .csr file
openssl req -noout -text -in ssl_san.csr |grep DNS
