§2023-08-02

• OpenSSL generate self signed certificate with SAN in one command (subject alternative name)@raymii.org

¶Generate Self Signed Certificate with SAN

If you are using OpenSSL 1.1.1 or higher you can simply use the -addext "subjectAltName = parameter like so:

openssl req -nodes -x509 -sha256 -newkey rsa:4096 \
  -keyout example.org.key \
  -out example.org.crt \
  -days 356 \
  -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=example.org"  \
  -addext "subjectAltName = DNS:localhost,DNS:example.org"