![]() ![]() If you managed to understand how an SSL certificate works this shouldn’t be a huge problem, anyway just as a recap here’s the list of the meaning for the common Subject entries you’ll need: Luckily the solution is pretty simple and straight-forward and the only requirement is that you should type the CSR subject on the command line directly, basically without the use of the interactive question mechanism. This scenario is starting to be problematic more often since we’re seeing a growing number of customers supporting sites with HTTPs connections covering both www and “non-www” subdomains for their site. ![]() Luckily that’s not the case with other Certificate products (like RapidSSL) which already offer this feature built-in. ![]() This need is due to the fact that some certificate providers (like GeoTrust) don’t cover the parent domain when requesting a new certificate (eg: CSR for won’t cover ), unless you specifically request so. I find it hard to remember a period in my whole life in which I issued, reissued, renewed and revoked so many certificates.Īnd while that’s usually fun and interesting, there’s one thing I often needed and never figured out, till a few days ago, which is how to generate CSRs (Certificate Signing Requests) with AlternativeNames (eg: including www and non-www domain in the same cert) with a one-liner command. Edit-I changed this post to use a different method than what I used in the original version cause X509v3 extensions were not created or seen correctly by many certificate providers. OpenSSL CSR with Alternative Names one-line
0 Comments
Leave a Reply. |