Win 150$ in dogecoins every hour!

Create key and CSR for multi-domain certificate.

If you want to secure multiple domains with one TLS/SSL certificate you will need to use multi-domain certificate with more than one Subject Alternative Name (SAN) specified in it.

Following is the procedure to create CSR for multiSAN certificate with openSSL.

First create a config file that will contain SAN information and all other parameters that need to be passed to openSSL to create CSR file.

Create multisan.conf file with following content.

distinguished_name = req_distinguished_name
req_extensions = v3_req
default_keyfile = multisan.key
prompt = no

C = CountryCode (US,GB,...)
ST = State
L = City
O = OrganizatioName
OU = OrganizationUnit
CN =

keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

DNS.1 =
DNS.2 =
DNS.3 =

Once multisan.conf file has been created create CSR file and private key to be used with certificate with following command:

openssl req -new -nodes -out multisan.csr -config multisan.conf

This will automatically write private key to multisan.key file in the same location you executed the command.

openssl req -new -nodes -out multisan.csr -config multisan.conf 
Generating a 2048 bit RSA private key
writing new private key to 'multisan.key'

Once CSR and key files have been created you can confirm CSR content with following command:

openssl req -text -noout -in multisan.csr

Now that you have CSR file you can upload that CSR to your TLS/SSL certificate vendor to order issuing of the certificate.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Win 200$ in Bitcoins every hour!