How do I specify subjectAltName in the openssl cli?

Solution 1:

Try writing the subjectAltName to a temporary file (I'll name it hostextfile) like:

basicConstraints=CA:FALSE
extendedKeyUsage=serverAuth
subjectAltName=email:[email protected],RID:1.2.3.4

and link to it in the openssl command via the "-extfile" option, for example:

openssl ca -days 730 -in hostreq.pem -out hostcert.pem -extfile hostextfile
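
An added example, not part of either answer: POSIX shell functions that build the hostextfile from a list of names and refuse any name containing characters (commas, spaces, newlines, "=") that would add extra SAN entries or extension lines. The function names, the files written under DIR and the self-signed `openssl x509 -req -signkey` step are assumptions for illustration; with a CA, pass the same file to `openssl ca -extfile` as above.

```shell
#!/bin/sh
# san_entry NAME: print "DNS:name" or "IP:addr"; return 1 for anything else.
# Only a conservative character set is accepted, so a caller-supplied name
# cannot inject further entries or lines into the extension file.
# openssl still does the final syntax check of each value.
san_entry() {
    case "$1" in
        ''|*[!A-Za-z0-9.:*-]*) return 1 ;;   # empty, or has a disallowed character
        ?*\**|\*|\*[!.]*)      return 1 ;;   # '*' only as a leading "*." label
        *:*)                   printf 'IP:%s' "$1" ;;   # IPv6 literal
        *[!0-9.]*)             printf 'DNS:%s' "$1" ;;  # host name
        *)                     printf 'IP:%s' "$1" ;;   # digits and dots: IPv4
    esac
}

# make_san_extfile OUTFILE NAME...: write the three extension lines used in
# Solution 1, with subjectAltName built from the validated names.
make_san_extfile() {
    out=$1; shift
    [ "$#" -gt 0 ] || return 1
    san=
    for name in "$@"; do
        entry=$(san_entry "$name") || { echo "rejected SAN: $name" >&2; return 1; }
        san=${san:+$san,}$entry
    done
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=%s\n' \
        "$san" > "$out"
}

# issue_cert DIR NAME...: create a key and request, self-sign with the
# extension file, then print the SAN extension that ended up in the certificate.
issue_cert() {
    dir=$1; shift
    make_san_extfile "$dir/hostextfile" "$@" || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$dir/hostkey.pem" -out "$dir/hostreq.pem" 2>/dev/null &&
    openssl x509 -req -days 730 -in "$dir/hostreq.pem" \
        -signkey "$dir/hostkey.pem" -extfile "$dir/hostextfile" \
        -out "$dir/hostcert.pem" 2>/dev/null &&
    openssl x509 -in "$dir/hostcert.pem" -noout -text |
        grep -A1 'Subject Alternative Name'
}

# Usage: issue_cert "$(mktemp -d)" example.com www.example.com 192.0.2.10
```

Checking the issued certificate's SAN line, as `issue_cert` does at the end, confirms the extensions were actually copied in rather than silently dropped.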

Solution 2:

The openssl command doesn’t provide a way to include extensions like the subjectAltName without writing a config file first. I have written a simple utility that does it all automatically. It's available on GitHub: https://github.com/rtts/certify

Example use:

./certify example.com www.example.com mail.example.com

This will create a file named example.com.crt that contains a certificate with the Subject Alternative Names of example.com, www.example.com, and mail.example.com.