How do I specify subjectAltName in the openssl cli?
Solution 1:
Try to write the subjectAltName to a temporary file (I'll name it hostextfile) like
basicConstraints=CA:FALSE
extendedKeyUsage=serverAuth
subjectAltName=email:[email protected],RID:1.2.3.4
and link to it in openssl command via "-extfile" option, for example:
openssl ca -days 730 -in hostreq.pem -out -hostcert.pem -extfile hostextfile
Solution 2:
The openssl
command doesn’t provide a way to include extensions like the subjectAltName without writing a config file first. I have written a simple utility that does it all automatically. It's available on github: https://github.com/rtts/certify
Example use:
./certify example.com www.example.com mail.example.com
This will create a file named example.com.crt
that contains a certificate with the Subject Alternative Names of example.com, www.example.com, and mail.example.com.