OpenSSL: Create CSR for certificate with additional Subject Alternative Name(s) (Windows)

Procedure to create CSR with SAN (Windows)

  • Log in to the server where OpenSSL is installed (or download it here)
  • Go to the directory where openssl is located (on Windows)
  • Create a file named sancert.cnf with the following information
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
countryName                 = Country Name (NL)
stateOrProvinceName         = State or Province Name (ZH)
localityName               = Locality Name (AADR)
organizationName           = Organization Name (WGE)
commonName                 = Common Name (e.g. server FQDN)
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1   = sslcert.wesleygeelhoed.nl
DNS.2   = dns2.com
DNS.3   = dns3.com

* You can add even more subject alternative names if you want. Just add DNS.4 = etcetera…

  • Save the file and execute the following OpenSSL command, which will generate the CSR and KEY files
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config sancert.cnf

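This will create sslcert.csr and private.key in the present working directory. Because of -nodes, private.key is written without a passphrase, so keep access to that file restricted. Request your certificate with the created CSR and you’re all set!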
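To confirm that the request really carries every name from [alt_names] before you submit it, the PowerShell check below compares sancert.cnf with the decoded sslcert.csr. It is an added example, not part of the original post; it assumes openssl.exe is on PATH and that it is run from the directory holding both files, and its variable names are illustrative.

```powershell
# Added example, not the author's script. Assumptions: openssl.exe is on PATH and
# the current directory holds sancert.cnf and sslcert.csr from the steps above.
$null = Get-Command openssl -ErrorAction Stop
$dir  = (Get-Location).Path
$cnf  = Join-Path $dir 'sancert.cnf'
$csr  = Join-Path $dir 'sslcert.csr'

# openssl resolves -config and -in against the current directory, so check the
# exact file names first and report the full path that was looked for.
foreach ($file in $cnf, $csr) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        throw "File not found: $file"
    }
}

# Names the config asks for: every DNS.n entry in sancert.cnf.
$expected = foreach ($line in Get-Content -LiteralPath $cnf) {
    if ($line -match '^\s*DNS\.\d+\s*=\s*([^\s#]+)') { $Matches[1] }
}
if (-not $expected) { throw "No DNS.n entries found in $cnf" }

# Decode the CSR; the SAN extension is printed as "DNS:name, DNS:name, ...".
$text = (& openssl req -in $csr -noout -text) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "openssl could not read $csr (exit code $LASTEXITCODE)" }

$actual = @([regex]::Matches($text, 'DNS:([^,\s]+)') | ForEach-Object { $_.Groups[1].Value })

# -notcontains compares case-insensitively, which suits DNS names.
$missing = @($expected | Where-Object { $actual -notcontains $_ })
if ($missing.Count -gt 0) {
    throw "CSR is missing SAN entries: $($missing -join ', ')"
}

# Clients that match host names only against the SAN list ignore the Common
# Name, so the CN entered at the prompt should also appear as a DNS.n entry.
if ($text -match 'Subject:.*CN\s*=\s*([^,/\s]+)') {
    $cn = $Matches[1]
    if ($actual -notcontains $cn) {
        Write-Warning "Common Name '$cn' is not in the SAN list; add it as a DNS.n entry."
    }
}

Write-Output "CSR contains all $(@($expected).Count) configured SAN entries: $($actual -join ', ')"
```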

7 comments

      1. Yes, I am. The command successfully takes all the inputs configured in the file but fails at the end.

      2. The only advice I can give you is maybe try to reinstall openssl or run it from another system where it is installed. The config file from the blog is 100 percent correct and it should work. I used it many many times!

  1. I am also getting the same error.

    C:\Program Files (x86)\GnuWin32\src\openssl\0.9.8h\openssl-0.9.8h\out>openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout
    private.key -config sancert.cnf
    error on line -1 of sancert.cnf
    424:error:02001002:system library:fopen:No such file or directory:./crypto/bio/bss_file.c:126:fopen('sancert.cnf','rb')
    424:error:2006D080:BIO routines:BIO_new_file:no such file:./crypto/bio/bss_file.c:129:
    424:error:0E078072:configuration file routines:DEF_LOAD:no such file:./crypto/conf/conf_def.c:197:

    1. Reehan,

      This problem looks slightly different. It looks like it is not able to find the sancert.cnf config file. I tested the config file from my website with the OpenSSL version you are running and it works like a charm. Maybe try to define the exact path for the configuration file.

      Regards,

      Wesley
