How to generate a self-signed SSL certificate – using config file!

Generating a self-signed certificate with OpenSSL

To generate a certificate with a Subject Alternative Name (SAN) extension using OpenSSL, we first need to create a config file. Here’s what it can look like:

[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
countryName = XX
stateOrProvinceName = N/A
localityName = N/A
organizationName = Self-signed certificate
commonName = 120.0.0.1: Self-signed certificate

[req_ext]
subjectAltName = @alt_names

[v3_req]
subjectAltName = @alt_names

[alt_names]
IP.1 = 127.0.0.1
DNS.1 = yoursites.com
DNS.2 = othersites.com
DNS.3 = anythingelse.com

The important part here is the IP.1 entry in the [alt_names] section, where the IP address is set. You can add more IP addresses and hostnames to this section (IP.2, DNS.4 and so on), or leave out the ones you don’t need.

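Save this config as san.cnf and pass it to OpenSSL. The -nodes option writes key.pem without a passphrase, so keep that file readable only by the account that needs it; -days 730 makes the certificate valid for two years: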

openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout key.pem -out cert.pem -config san.cnf
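
To confirm that the SAN entries really ended up in the certificate, the following added example (not part of the original post) rebuilds cert.pem from the config above in a scratch directory and checks it with OpenSSL's own name matching. The scratch directory and the function names are assumptions made for the example.

```shell
# Added example: build cert.pem from the page's san.cnf in a scratch directory,
# then check the SAN entries and that key.pem belongs to the certificate.
workdir=$(mktemp -d)                       # scratch location (assumption)
trap 'rm -rf "$workdir"' EXIT

write_config() {
  cat > "$workdir/san.cnf" <<'EOF'
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = XX
stateOrProvinceName = N/A
localityName = N/A
organizationName = Self-signed certificate
commonName = 120.0.0.1: Self-signed certificate
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
DNS.1 = yoursites.com
DNS.2 = othersites.com
DNS.3 = anythingelse.com
EOF
}

generate_cert() {
  openssl req -x509 -nodes -days 730 -newkey rsa:2048 -config "$workdir/san.cnf" \
    -keyout "$workdir/key.pem" -out "$workdir/cert.pem" 2>/dev/null
}

# $1 is "host" or "ip", $2 the name to test; succeeds only if OpenSSL accepts it.
cert_matches() {
  openssl x509 -in "$workdir/cert.pem" -noout "-check$1" "$2" | grep -q "does match"
}

# Succeeds only if key.pem holds the private half of the certificate's public key.
key_matches_cert() {
  [ "$(openssl x509 -in "$workdir/cert.pem" -noout -pubkey)" = \
    "$(openssl pkey -in "$workdir/key.pem" -pubout)" ]
}

write_config && generate_cert && cert_matches ip 127.0.0.1 &&
  cert_matches host yoursites.com && key_matches_cert && echo "cert.pem OK"
```

A name that is not listed under [alt_names] fails the check even if it appears in commonName, because the subject name is not consulted for host names once DNS entries are present in the SAN, and never for IP addresses.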
