Linux for Everyone

In this post we will see, how can we create CSR with SAN, which stands for Subject Alternative Names and obviously using openssl command. For those who do not know what is SAN, let me cover this in short.There are 3 main types of SSL  Standard SSL  :- Used for securing single domain. like www.domain.com, i,e one domain -- one certificate Wild card SSL : - Used for securing multiple sub-domains like home.domain.com office.domain.com in single certificate, i.e multiple subdomain --- single certificate Multi-domain SSL : -- Used for securing multiple domains, like www.domain.com, www.home.com, www.office.net, i,e multiple domains --- single certificate. So, SAN comes under multiple domains certificate category. When you purchase a multi-domain certificate from certificate issuing authority ,they give you options of defining SAN along with primary domain. So, Here we are discussing about how to create CSR(which is required while purchasing the certificate) with SAN itself.

Before Generating CSR ,let see what is Openssl. It is nothing but a core library ,which is used for general purpose in cryptography,it is an open source product which work towards the implementation of SSL and TLS protocols. Talking about openssl, some people called the certificates generated from openssl as "self signed certificate". lets go towards now,creating CSR and private key using openssl command, Just log in to any of your Linux box and run following command as  root user  replacing the required information as per your need . [root@SVR home]#   openssl req -new -newkey  rsa:2048 -nodes -sha256 -out domain_name.csr -keyout domain_name.key -subj "/C=US/ST=state/L=locality/O=organization/OU=organization unit Dept/CN=www.domain.com"  You will get output like : Then check whether ,all the information we have entered ,while creating CSR is proper ,by decoding the CSR from some online tool. First do the cat to the csr file [root@SVR home]#  cat