Creating a SAN CSR

This is a work in progress

To create a SAN(Subject Alternative Name) CSR(Certificate Request) you need a private key created through openssl(for details read 4.4 Apache and SSL Certificates) and a config file.

Once you have the private key created a config file needs to be created to make the CSR using your favorite editor create san_server.conf. Edit the alt_names as needed

[ req ]
default_bits       = 2048
default_keyfile    = example.key #name of the keyfile
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CA
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = Alberta
localityName                = Locality Name (eg, city)
localityName_default        = Toronto
organizationName            = Organization Name (eg, company)
organizationName_default    = Example
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1   = example.com
DNS.2   = example.org
DNS.3   = example.net
#

...

openssl req -new -out san_server.csr -key san_server.key -config san_server.conf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CA]:
State or Province Name (full name) [Alberta]:
Locality Name (eg, city) [Toronto]:
Organization Name (eg, company) [Example]:
Common Name (e.g. server FQDN or YOUR name) []:www.example.com

...