To generate a CSR file that includes more than one Fully Qualified Domain Name (FQDN), you need to generate a CSR with several commonName (CN) fields.
Note: These instructions are for Unix system users.
On Unix you can generate it using an OpenSSL configuration file.
Edit the "/etc/ssl/openssl.cnf" file (the path may be different on your system):
[ req ]
default_bits = 2048
prompt = no
encrypt_key = no
default_md = sha256
distinguished_name = dn
[ dn ]
C = IE
O = Official name of your institution
0.CN = First FQDN of your server
1.CN = Second FQDN of your server
2.CN = Third FQDN of your server
# ... add as many as you need
The principal FQDN should appear as the first CN (0.CN = ), because only that one will be kept in the subject of the certificate. The other CNs will be transferred to the subjectAltName field in the generated certificate.
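The configuration-file method above as a script that also checks the result before submission. This is an added example, not part of the original instruction; the function names, the output directory layout, the example.org names and "Example Institution" are assumptions, and it uses SHA-256 as the request digest.

```shell
#!/bin/sh
# Added example. Constructed placeholders: example.org names, "Example Institution".

# make_multi_cn_csr OUTDIR FQDN...
# Writes OUTDIR/req.cnf, OUTDIR/server.key and OUTDIR/server.csr.
# The first FQDN becomes 0.CN, i.e. the principal name.
make_multi_cn_csr() {
    outdir=$1; shift
    [ "$#" -ge 1 ] || { echo "need at least one FQDN" >&2; return 1; }
    (
        umask 077                      # private key readable by owner only
        mkdir -p "$outdir" || exit 1
        {
            printf '[ req ]\ndefault_bits = 2048\nprompt = no\n'
            printf 'encrypt_key = no\ndefault_md = sha256\n'
            printf 'distinguished_name = dn\n[ dn ]\nC = IE\n'
            printf 'O = Example Institution\n'
            i=0
            for fqdn in "$@"; do
                printf '%s.CN = %s\n' "$i" "$fqdn"
                i=$((i + 1))
            done
        } > "$outdir/req.cnf"
        # No -key given: a new key is generated from default_bits.
        openssl req -new -config "$outdir/req.cnf" \
            -keyout "$outdir/server.key" -out "$outdir/server.csr"
    )
}

# csr_cns CSR: print the commonName values, one per line, in subject order.
csr_cns() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_csr CSR PRINCIPAL: succeed only if the CSR self-signature verifies
# and PRINCIPAL is the first CN (the one kept in the certificate subject).
check_csr() {
    # Match the message text; older openssl exits 0 even on verify failure.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    [ "$(csr_cns "$1" | head -n 1)" = "$2" ]
}
```

Typical use: make_multi_cn_csr ./csr www.example.org mail.example.org, then check_csr ./csr/server.csr www.example.org before sending the CSR.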
OpenSSL can also do this from the command line. Examples:
- servers with an existing private key:
  openssl req -new -key myserver.key -out myserver.csr -subj "/C=IE/O=inst_name/CN=first_fqdn/CN=second_fqdn/CN=third_fqdn" -text
- create a private key and CSR with multiple CN names:
  openssl req -new -newkey rsa:2048 -keyout myserver.key -out myserver.csr -subj "/C=IE/O=inst_name/CN=first_fqdn/CN=second_fqdn/CN=third_fqdn" -text