SAN stands for Subject Alternative Name certificates and allows you to secure multiple domain names with a single SSL certificate.
SAN is used where a single server can access with multiple domain address.
Step 1: Make sure that you have openssl rpm installed in unix machine.
Command >> rpm -qa | grep openssl
Screenshot 1:
Step 2: If you does not have openssl tool.
Command >> yum install openssl
Screenshot 2:
Since i already installed the latest version its showing nothing to do.
Step 3: Create a directory open_ssl
Command >> mkdir open_ssl
Screenshot 3:
Step 4: Make one file newsan.cnf and paste below commands and save.
Command >> vi newsan.cnf
----------------------------------------------------------------------------------------------
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = IN
stateOrProvinceName = MAHA
organizationName = MiddlewareBox
commonName = www.openssltest.com
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.middbox.com
DNS.2 = www.mb.com
----------------------------------------------------------------------------------------------
Screenshot 4:
Step 5: Use below openssl command.
Command >> openssl req -new -out opensslSan.csr -newkey rsa:2048 -nodes -keyout private.key -config newsan.cnf
Screenshot 5:
Step 6: Open the created xxxxx.csr
Command >> cat opensslSan.csr
-------------------------------------------------------------------------------------------------------
-----BEGIN CERTIFICATE REQUEST-----
MIIC0DCCAbgCAQAwUjELMAkGA1UEBhMCSU4xDTALBgNVBAgMBE1BSEExFjAUBgNV
BAoMDU1pZGRsZXdhcmVCb3gxHDAaBgNVBAMME3d3dy5vcGVuc3NsdGVzdC5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8s3Qf2d3pYrqrZc5X45ls
o7gEHKf5lY6fKkL3Q58Emg5RK6dQd+9fDwRot0KstYYPKvh2CdVQ+3kUzjGsv5Sh
VMWhocxiiHtzwD794GIl+TnvJyvp6HGuWbjEuwLvs3X6bliUgDwRtV++aIF+023G
Pt+VkVHPZYOYcYJtCg3+GS/aYvXzTFvbC9wUgLEE+/sN4M9fAR+tf7zv6zvxK1l5
KPc7tyJDZUuKc9jpSGKl8WZnJlSpRI8tFTNDmwBOe92WGPrRHEkk0SuBLRJL05G3
Eec8ZTk+Q0YRhZmkQC6C4LynkkLlaE5dvcxy+OKWgZRiWz1ercw0HJgDW5s2/wUF
AgMBAAGgOTA3BgkqhkiG9w0BCQ4xKjAoMCYGA1UdEQQfMB2CD3d3dy5taWRkYm94
LmNvbYIKd3d3Lm1iLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAeOA3KbDjHytpEKUC
SvFkbnMEEz/aeAIc6HuxM7w5t3BofQYOxua0x2sROT9chuNPp02ENG5NrMVA62ue
5IrG1Yz//i/wP+YtHdy6svu1Z2tbQkPGvppJqCuzCH5de7wGJW/04VqkHP7GAWRe
PH5wxN+6PkDSGbI7+MlLqhX3O8rCSeXQ7oqj08S3GFZ4C9gAGEjreUNQ4lOFOXev
ncvp6AU9USa9vY+SJLrtnlA4Jysnv71sxJ9/C/3g489fHrEoTxY6wx7b1c2sLwwN
8LJA76COYAhyko1eF4E6OH6bfyO3YVV4nWwCRUny8tGy5ygykFDKjPt3LgT7KjKd
ggswEQ==
-----END CERTIFICATE REQUEST-----
-------------------------------------------------------------------------------------------------------
Screenshot 6:
Step 7: Copy the above cerificate content and paste on CSR decoder website
CSR decoder link : Https://certlogik.com/decoder/
Screenshot 7-1:
Screenshot 7-2:
Step 8: Reading a CSR to determine what information it contains.
Command >> openssl req -text -noout -in <filename for csr>
Screenshot 8:
Reference link : https://www.ibm.com/support/
Reference link : https://www.phildev.net/ssl/opensslconf.html
Reference link : Most-common-openssl-commands.html
Reference link : https://www.websecurity.symantec.com/
Thanks :-)