How to use req.conf file

If you need to generate CSR file, however like for example for vROps you need to use OpenSSL, but you need to add SAN or multiple SANs, req.conf is your solution:

Sample file for one dns name to req.conf

Copy the below to the server that is in need of the certificate.

Edit the CN line to equal the dns name required

Edit the DNS.1 line to equal the dns name required

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = California
L = Palo Alto
O = YourOrganization.
OU = YourOU
CN = dns_name.com

[v3_req]
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = dns_name.com

Sample file for multiple dns names to req.conf

Copy the below to the server that is in need of the certificate.

Edit the CN line to equal the dns name required

Edit the DNS.1 to equal the dns name required

Edit the DNS.2 to equal the dns name required

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = California
L = Palo Alto
O = YourOrganization.
OU = YourOU
CN = dns_name..com

[v3_req]
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = dns_name.com
DNS.2 = dns_name2.com

Run this command after you have populated the req.conf file to generate the Certificate request

openssl req -new -out request_name.csr -newkey rsa:2048 -nodes -sha256 -keyout request_name.key -config req.conf

Once you obtain the certificate if you need to convert it to a .pem format use the below as an example:

openssl x509 -in mycert.crt -out mycert.pem -outform PEM

If you need explanation or you do have any questions related to this issue, please do not hesitate to leave the comment.

Visit my FB page: https://www.facebook.com/AngrySysOps

Subscribe to my YouTube channel: https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A

Please leave the comment