This is a work in progress

To create a SAN (Subject Alternative Name) CSR (Certificate Signing Request), you need a private key created with openssl (for details, read 4.4 Apache and SSL Certificates) and a config file.

Once you have the private key, create a config file for generating the CSR: using your favorite editor, create san_server.conf and edit the alt_names section as needed.

[ req ]
default_bits       = 2048
default_keyfile    = example.key #name of the keyfile
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CA
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = Alberta
localityName                = Locality Name (eg, city)
localityName_default        = Toronto
organizationName            = Organization Name (eg, company)
organizationName_default    = Example
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1   = example.com
DNS.2   = example.org
DNS.3   = example.net
#

...

openssl req -new -out san_server.csr -key san_server.key -config san_server.conf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CA]:
State or Province Name (full name) [Alberta]:
Locality Name (eg, city) [Toronto]:
Organization Name (eg, company) [Example]:
Common Name (e.g. server FQDN or YOUR name) []:www.example.com

...
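Before submitting the CSR, confirm that the SAN extension made it into the request and that the Common Name is also listed there, because current browsers match hostnames against the SAN list and ignore the Common Name. The script below is an added example, not part of the original page: it builds two throwaway CSRs non-interactively and inspects them with `openssl req -noout -text`. The function names, the temporary files and the `prompt = no` config are assumptions of this example.

```sh
#!/bin/sh
# Added example; all names and values below are constructed samples.

# make_csr PREFIX CN NAME... : write PREFIX.key, PREFIX.conf and PREFIX.csr
make_csr() {
    prefix=$1 cn=$2; shift 2
    {
        printf '[ req ]\ndistinguished_name = dn\nreq_extensions = req_ext\n'
        printf 'prompt = no\n[ dn ]\nC = CA\nO = Example\nCN = %s\n' "$cn"
        printf '[ req_ext ]\nsubjectAltName = @alt_names\n[ alt_names ]\n'
        i=1
        for name in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"; i=$((i + 1))
        done
    } > "$prefix.conf"
    openssl genrsa -out "$prefix.key" 2048 2>/dev/null &&
        openssl req -new -key "$prefix.key" -out "$prefix.csr" -config "$prefix.conf"
}

# csr_sans CSR : print the DNS names of the requested SAN extension, one per line
csr_sans() {
    openssl req -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# csr_cn CSR : print the Common Name from the subject
csr_cn() {
    openssl req -in "$1" -noout -subject |
        sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# cn_covered CSR : succeed only if the Common Name is also one of the SANs
cn_covered() {
    csr_sans "$1" | grep -qxF "$(csr_cn "$1")"
}

tmp=$(mktemp -d)
# "page": the alt_names from the config above; "fixed": the CN added as a SAN
make_csr "$tmp/page" www.example.com example.com example.org example.net
make_csr "$tmp/fixed" www.example.com example.com example.org example.net www.example.com
for f in page fixed; do
    if cn_covered "$tmp/$f.csr"; then
        echo "$f: CN $(csr_cn "$tmp/$f.csr") is covered by a SAN"
    else
        echo "$f: CN $(csr_cn "$tmp/$f.csr") is NOT in: $(csr_sans "$tmp/$f.csr" | tr '\n' ' ')"
    fi
done
```

With the alt_names shown on this page and `www.example.com` entered as the Common Name, the check reports the CN as not covered; adding it as a further `DNS.n` entry resolves that.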