Procedure to create CSR with SAN (Windows)
- Login into server where you have OpenSSL installed (or download it here)
- Go to the directory where openssl is located (on Windows)
- Create a file named sancert.cnf with the following information
[ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (NL) stateOrProvinceName = State or Province Name (ZH) localityName = Locality Name (AADR) organizationName = Organization Name (WGE) commonName = Common Name (e.g. server FQDN) [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = sslcert.wesleygeelhoed.nl DNS.2 = dns2.com DNS.3 = dns3.com
* You can add even more subject alternative names if you want. Just add DNS.4 = etcetera…
- Save the file and execute following OpenSSL command, which will generate CSR and KEY file
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config sancert.cnf
This will create sslcert.csr and private.key in the present working directory. Request your certificate with the created CSR and you’re all set!
I get the following error
error, no objects specified in config file
problems making Certificate Request
Are you running the openssl and config file from the same directory?
Yes, I am. The command successfully takes all the inputs configured in the file but fails at the end.
The only advise I can give you is maybe try to reinstall openssl or run it from another system where it is installed. The config file from the blog is 100 percent correct and it should work. I used it many many times!
Also having this error, did you ever figure it out?
Yes, but I am not fully sure what change solved the problem. It just started working. I suspect that the culprit was the location of the san.cnf file.
I had the exact same thing; on Github i came accross a solution that helped:
I just went through this same issue. While the command ran I was seeing prompts like “US:” and I was just hitting enter because the values I wanted were in the file.
I added the line prompt=no to the [req] section and my request ran without error. like this:
prompt = no
Hope this helps!
i am also getting the same error.
C:\Program Files (x86)\GnuWin32\src\openssl\0.9.8h\openssl-0.9.8h\out>openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout
private.key -config sancert.cnf
error on line -1 of sancert.cnf
424:error:02001002:system library:fopen:No such file or directory:./crypto/bio/bss_file.c:126:fopen(‘sancert.cnf’,’rb’)
424:error:2006D080:BIO routines:BIO_new_file:no such file:./crypto/bio/bss_file.c:129:
424:error:0E078072:configuration file routines:DEF_LOAD:no such file:./crypto/conf/conf_def.c:197:
This problem looks slightly different. It looks like it is not able to find the sancert.cnf config file. I tested the config file from my website with the OpenSSL version you are running and it works like a charm. Maybe try to define the exact path for the configuration file.
Thank you very much for sharing this clean & easy way to generate a fully qualified CSR including SAN on Windows!
I googled quite a which before stumbling across your blog and this is by far the simplest way to get the job done without and extra bells & whistles. 😉
All the best to you, your family and also your beautiful dogs!