OpenSSL CSR with SAN
From KlavoWiki
Create Request
openssl req -new -newkey rsa:4096 -nodes -config /opt/ssl.conf -subj "/C=AU/ST=Queensland/L=Ipswich/O=Home/CN=email.testforme.com" -outform pem -out sslrequest.csr -keyout private.key
Verify Request File
openssl req -in sslrequest.csr -noout -text -verify
Configuration File
vi /opt/ssl.conf
[ req ] default_bits = 4096 default_keyfile = privkey.pem default_md = sha256 distinguished_name = req_distinguished_name req_extensions = req_ext attributes = req_attributes [ req_distinguished_name ] countryName_default = AU stateOrProvinceName_default = Queensland localityName_default = Ipswich commonName_default = email.testforme.com emailAddress_default = postmaster@testforme.com organizationName_default = No Org organizationalUnitName_default = No Unit [ req_attributes ] # We don't want these, but the section must exist [ req_ext ] keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage = clientAuth,serverAuth subjectAltName = @alt_names [ alt_names ] DNS.1 = mail.testforme.com DNS.2 = autodiscover.testforme.com DNS.3 = mail.klaverstyn.com DNS.4 = autodiscover.klaverstyn.com DNS.5 = mail.klaverstyn.com.au DNS.6 = autodiscover.klaverstyn.com.au DNS.7 = home.klaverstyn.com.au DNS.8 = mail.home.klaverstyn.com.au