We assume that openssl is already installed.
User certificate with a SAN
Create a new file named ext.cnf in the folder where you are going to generate the certificates. Write the following lines to the file:
subjectAltName=@alt_names
[alt_names]
DNS.1 = your_site.com
DNS.2 = your_site.org
Replace the records in the alt_names section with your own.
Now add the following flag to the command that you use for certificate generation:
-extfile ext.cnf
The result will look something like this:
openssl x509 -req -CA ca_cert -CAkey ca_key -in cert_file -out cert_signed -days 365 -CAcreateserial -passin pass:qwe123 -extfile ext.cnf
The command example is taken from the article about generating SSL certificates.
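The steps above run end to end, followed by a check that the SAN entries really are in the signed certificate (openssl x509 -req does not copy extensions from the request unless told to, so a missing -extfile silently yields a certificate without a SAN). This is an added example, not code from the original article; the function names, the cert_key file, the subject names and the passphrase-less demo CA (hence no -passin) are assumptions made for the demo.

```shell
# Print the DNS names found in a certificate's subjectAltName, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Build a throwaway CA in a temp dir, sign a CSR with -extfile ext.cnf,
# and print the path of the signed certificate. All values are constructed.
make_san_cert() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" &&
        printf '%s\n' 'subjectAltName=@alt_names' '[alt_names]' \
            'DNS.1 = your_site.com' 'DNS.2 = your_site.org' > ext.cnf &&
        openssl req -new -x509 -nodes -newkey rsa:2048 -keyout ca_key -out ca_cert \
            -subj '/CN=Demo CA' -days 1 2>/dev/null &&
        openssl req -new -nodes -newkey rsa:2048 -keyout cert_key -out cert_file \
            -subj '/CN=your_site.com' 2>/dev/null &&
        openssl x509 -req -CA ca_cert -CAkey ca_key -in cert_file -out cert_signed \
            -days 365 -CAcreateserial -extfile ext.cnf 2>/dev/null
    ) || return 1
    echo "$dir/cert_signed"
}

# Succeed only if every expected name is present in the certificate's SAN.
check_sans() {
    cert=$1; shift
    found=$(cert_sans "$cert")
    for name in "$@"; do
        echo "$found" | grep -qxF "$name" || { echo "missing SAN: $name" >&2; return 1; }
    done
}

signed=$(make_san_cert) && check_sans "$signed" your_site.com your_site.org &&
    echo "SAN entries present in $signed"
```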
CA certificate with a SAN
Find the openssl.cnf configuration file:
For Linux it can be:
/usr/lib/ssl/openssl.cnf (primary)
/usr/local/ssl/openssl.cnf
For RHEL Linux it is:
/etc/pki/tls/openssl.cnf
If you can’t find it, use the command:
locate openssl.cnf
It works on both Linux and macOS.
Let’s make a copy of the file and save it to your home directory:
cat <path_that_you_found>/openssl.cnf > ~/openssl.cnf
Open the newly created file ~/openssl.cnf, find the v3_ca section and add this line there:
subjectAltName=@alt_names
At the end of the file, add a new alt_names section:
[alt_names]
DNS.1 = your_site.com
DNS.2 = your_site.org
Replace the records in the alt_names section with your own.
Now add the following flag to the command that you use for CA certificate generation:
-config ~/openssl.cnf
The result will look something like this:
openssl req -new -x509 -keyout ca_key -out ca_cert -config ~/openssl.cnf
The command example is taken from the article about generating SSL certificates.
If you still have any questions, feel free to ask me in the comments under this article, or write to me at promark33@gmail.com.