How to Generate CSR With SAN (Subject Alternative Name) on Web Server?

//

Scott Campbell

In this tutorial, we will learn how to generate a CSR (Certificate Signing Request) with SAN (Subject Alternative Name) on a web server. A CSR is required when you want to obtain an SSL/TLS certificate for your website, and SAN allows you to secure multiple domain names with a single certificate.

Step 1: Accessing the Web Server

First, ensure that you have access to the web server where you want to generate the CSR. This can be done through SSH or any other method provided by your hosting provider. Once logged in, navigate to the directory where your web server’s configuration files are located.

Step 2: Generating the CSR

To generate the CSR with SAN, we will use OpenSSL, which is a widely-used open-source toolkit for SSL/TLS protocols. If OpenSSL is not installed on your server, you can install it by following these commands:

$ sudo apt update
$ sudo apt install openssl

Once OpenSSL is installed, run the following command to generate the CSR:

$ openssl req -new -sha256 -nodes -out example_com.csr -newkey rsa:2048 -keyout example_com.key -config <( cat <<EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=US
ST=New York
L=New York City
O=Example Company
OU=IT Department
CN=example.com

[SAN]
subjectAltName=DNS:example.com,DNS:www.example.com,DNS:subdomain.com
EOF )

Let’s break down this command:

  • openssl req: This command is used to generate a CSR.
  • -new -sha256 -nodes: These options specify that we want to create a new CSR using the SHA-256 hash algorithm and without encrypting the private key.
  • -out example_com.csr: This option specifies the output file name for the CSR. You can change “example_com.csr” to any filename you prefer.
  • -newkey rsa:2048 -keyout example_com.key: These options specify that we want to generate a new RSA private key with a length of 2048 bits, and the private key will be saved in “example_com.key”.
  • -config <( cat <<EOF .. EOF ): This part specifies the configuration for the CSR.

    Here, we provide information such as country, state, organization, and common name (CN). The SAN section defines the subject alternative names for which you want to secure your website.

Make sure to replace “example.com”, “www.com”, and “subdomain.com” with your own domain names in the SAN section. You can add or remove domain names as per your requirement.

Step 3: Submitting the CSR

Once you have generated the CSR file, you can submit it to a Certificate Authority (CA) of your choice. The CA will then use this CSR to issue an SSL/TLS certificate for your website. The exact process of submitting a CSR may vary depending on your CA’s interface or requirements.

Conclusion

Congratulations! You have successfully generated a CSR with SAN on your web server.

This will allow you to secure multiple domain names using a single SSL/TLS certificate. Remember to keep your private key secure and follow the CA’s instructions for installing the issued certificate onto your web server.

By following these steps, you can ensure that your website is secured with an SSL/TLS certificate and provide a safe browsing experience for your users.

Discord Server - Web Server - Private Server - DNS Server - Object-Oriented Programming - Scripting - Data Types - Data Structures

Privacy Policy