If you need to generate CSR file, however like for example for vROps you need to use OpenSSL
, but you need to add SAN or multiple SANs, req.conf
is your solution:
Sample file for one dns name to req.conf
Copy the below to the server that is in need of the certificate.
Edit the CN line to equal the dns name required
Edit the DNS.1 line to equal the dns name required
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = California
L = Palo Alto
O = YourOrganization.
OU = YourOU
CN = dns_name.com
[v3_req]
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = dns_name.com
Sample file for multiple dns names to req.conf
Copy the below to the server that is in need of the certificate.
Edit the CN line to equal the dns name required
Edit the DNS.1 to equal the dns name required
Edit the DNS.2 to equal the dns name required
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = California
L = Palo Alto
O = YourOrganization.
OU = YourOU
CN = dns_name..com
[v3_req]
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = dns_name.com
DNS.2 = dns_name2.com
Run this command after you have populated the req.conf file to generate the Certificate request
openssl req -new -out request_name.csr -newkey rsa:2048 -nodes -sha256 -keyout request_name.key -config req.conf
Once you obtain the certificate if you need to convert it to a .pem format use the below as an example:
openssl x509 -in mycert.crt -out mycert.pem -outform PEM
If you need explanation or you do have any questions related to this issue, please do not hesitate to leave the comment.
Visit my FB page: https://www.facebook.com/AngrySysOps
Subscribe to my YouTube channel: https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A