There are very good how-tos on creating an openssl configuration file with the necessary subject alternative name extensions. Copy the entire "openssl.cfg" and save it as as "subaltname.cfg" and add the following lines in the "rec" and "v3_req" sections : [ req ] req_extensions = v3_req [ v3_req ] subjectAltName = DNS:srv.example.com; IP:172.16.0.10 extendedKeyUsage = serverAuth, clientAuth NOTE: Extended Key Usage is not required, but is included as many applications using Subject Alternative Names use the generated SSL certificates for both purposes. Generating the certificate signing request (CSR) requires using the command line option "-config [filename]". # openssl req -new -newkey rsa:2048 -sha256 \ -nodes -out rui.csr -keyout rui.key \ -config subaltname.cfg Verify the CSR contains the X509v3 Subject Alternative Name. # openssl req -in rui.csr -noout -text [...] X509v3 Subject Alternative Name: DNS:
""" People agree, I am a clever guy. :param skills_set: I possess a broad skill set and am always looking to optimize operations or implement elegant sustainable solutions. :param culture: Working alone or on a team, solving new, complex problems makes me happy. """