OpenSSL: Create CSR for certificate with additional Subject Alternative Name(s) (Windows)

Procedure to create CSR with SAN (Windows)

  • Login into server where you have OpenSSL installed (or download it here)
  • Go to the directory where openssl is located (on Windows)
  • Create a file named sancert.cnf  with the following information
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
countryName                 = Country Name (NL)
stateOrProvinceName         = State or Province Name (ZH)
localityName               = Locality Name (AADR)
organizationName           = Organization Name (WGE)
commonName                 = Common Name (e.g. server FQDN)
[ req_ext ]
subjectAltName = @alt_names
DNS.1   = sslcert.wesleygeelhoed.nl
DNS.2   = dns2.com
DNS.3   = dns3.com

* You can add even more subject alternative names if you want. Just add DNS.4 = etcetera…

  • Save the file and execute following OpenSSL command, which will generate CSR and KEY file
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config sancert.cnf

This will create sslcert.csr and private.key in the present working directory. Request your certificate with the created CSR and you’re all set!