How to create CSR with multiple SANs

Sometime you would like to include SAN (Subject Alternative Name) to your certificate. SAN is a specific type of SSL that allows you to secure multiple domains/subdomains with just one SSL.

However VMware tool /usr/lib/vmware-vmca/bin/certificate-manager have no option to add SANs.

The solution for this is to not use certificate manager from VMware to create CSR, but use req.conf file.


  1. SSH to your vCenter server
  2. Create new file named req.conf
  3. Paste this code:
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
C = your_country
ST = state
L = City
O = Organization
OU = OrgUnit
CN =

extendedKeyUsage = serverAuth
subjectAltName = @alt_names
DNS.1 =
  1. Edit only (Do not change anything else!):
    • C
    • ST
    • L
    • O
    • OU
    • CN
    • DNS.1
  1. If you want multiple SANs add more DNS entries after DNS.1

DNS.1 =
DNS.2 =
DNS.3 =

  1. Save the file – name has to be req.conf
  2. Run this command to request CSR:
openssl req -new -out request_name.csr -newkey rsa:2048 -nodes -sha256 -keyout request_name.key -config req.conf

How to create a certificate from this CSR please read this article – >


If you need for same reason to convert your certificate to PEM format:

openssl x509 -in mycert.crt -out mycert.pem -outform PEM

Please like and share to spread the knowledge in the community.

Let’s chat on Twitter:

Visit my FB page:

Subscribe to my YouTube channel:

Please leave the comment