In this article, we will generate a CSR for a SAN certificate using the OpenSSL utility. SAN stands for “Subject Alternative Names”, and such a certificate has multiple CN (Common Names) within a single certificate.
A SAN certificate lets us use one common certificate for multiple CNs, so you can use it for more than one web server.
You may include DNS entries as well as IP addresses in the certificate to avoid certificate warning messages in the latest web browsers.
For an example, refer to the Microsoft Bing certificate: it is a SAN certificate and includes multiple Common Names.
How to generate CSR with SAN
You need a server where OpenSSL is installed. Log in to the server and follow the procedure below to generate the SAN certificate CSR.
1. Navigate to /tmp directory
2. Create san.cnf file using touch
3. Edit the file using vi or nano editor
Now, edit the file as per your requirement.
As you may have noticed, we have used DNS and IP entries in the alt_names field. You can edit this field as per your requirement.
Now, you need to run the command below to generate the CSR.
Once you have executed this command, you will get the output below in the CLI:
The above command will generate server.iptrainer.csr and server.iptrainer.key in the current working directory, i.e., /tmp. You need to provide the server.iptrainer.csr file to the Certificate Authority (CA) so they can sign it and return the signed certificate to you.
Verify the content of CSR using OpenSSL
It is also important to verify the content of the CSR before providing it to the CA (Certificate Authority). You may execute the command below to verify the content of a CSR:
The output lists all of the DNS names and IP addresses you have configured in the SAN certificate CSR.
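The whole procedure above as one script, added here as an example and not taken from the original article. The example.com names, the 192.0.2.10 address and the subject fields are constructed placeholders, and a private mktemp directory with umask 077 is used in place of /tmp so the private key is not readable by other local users.

```shell
#!/bin/sh
# Added example: all names, the IP and the subject values are constructed placeholders.
umask 077   # key, CSR and config are created readable by the owner only

write_san_cnf() {   # $1 = path of the OpenSSL config file to create
cat > "$1" <<'EOF'
[ req ]
prompt             = no
default_md         = sha256
distinguished_name = dn
req_extensions     = req_ext

[ dn ]
C  = US
O  = Example Org
CN = server.example.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = server.example.com
DNS.2 = www.example.com
IP.1  = 192.0.2.10
EOF
}

generate_csr() {    # $1 = config, $2 = private key out, $3 = CSR out
    # -nodes leaves the key unencrypted, so file permissions are its only protection
    openssl req -new -newkey rsa:2048 -nodes -config "$1" -keyout "$2" -out "$3"
}

csr_sans() {        # $1 = CSR; prints the SAN entries exactly as the CA will see them
    openssl req -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; gsub(/^ +| +$/, ""); print }'
}

main() {
    work=$(mktemp -d) || return 1      # private directory instead of shared /tmp
    write_san_cnf "$work/san.cnf"
    generate_csr "$work/san.cnf" "$work/server.iptrainer.key" \
                 "$work/server.iptrainer.csr" || return 1
    echo "files written to $work"
    csr_sans "$work/server.iptrainer.csr"
}

main
```

Only server.iptrainer.csr goes to the CA; server.iptrainer.key stays on the server. If csr_sans prints nothing, the req_extensions line or the alt_names section was not picked up and the signed certificate would carry no SAN entries.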
That’s it! We have successfully generated the SAN certificate CSR using OpenSSL. You can install the certificate once you receive it from the CA (Certificate Authority).
A SAN certificate has multiple Common Names, so it is easy to use with your different web servers. You can even define IP addresses in the SAN certificate and browse your web server without getting a certificate warning page in the latest web browsers. OpenSSL is an open-source utility that helps us generate SSL certificates.