CSR

Create an SAN CSR

Key erstellen

openssl genrsa -out priv.key 4096

Vorlage erstellen oder Defaults in /etc/pki/tls/openssl.cnf anpassen

Beispiel

cat server_cert.cnf
[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[req_distinguished_name]
C   = IN
ST  = Karnataka
L   = Bengaluru
O   = GoLinuxCloud
OU  = R&D
CN  = ban21.example.com
[req_ext]
subjectAltName = @alt_names
[alt_names]
IP.1 = 10.10.10.13
IP.2 = 10.10.10.14
IP.3 = 10.10.10.17
DNS.1 = centos8-2.example.com
DNS.2 = centos8-3.example.com

CSR erstellen

openssl req -new -key priv.key -out ban21.csr -config server_cert.cnf

CSR überprüfen

openssl req -noout -text -in ban21.csr