Creating a CSR (Certificate Signing Request) with multiple domains using OpenSSL involves generating a private key and a CSR file, which includes the details of the domain(s) to be included in the certificate. The process involves the following steps:
Generate a private key using the openssl command with the following syntax:
openssl genrsa -out domain.key 2048
This generates a 2048-bit RSA private key and writes it to a file named "domain.key". Keep this file secret; it is not sent to the CA.
Create a configuration file (e.g. domain.conf) that contains the details of the domains to be included in the certificate. This file should contain the following details:
[req]
default_bits = 2048
default_keyfile = domain.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
[req_distinguished_name]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = Common Name (e.g. server FQDN or YOUR name)
emailAddress = Email Address
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.com
DNS.2 = www.example.com
DNS.3 = subdomain.example.com
In the example above, "example.com", "www.example.com", and "subdomain.example.com" are included as the alternate domain names.
Generate a CSR file using the openssl command with the following syntax:
openssl req -new -sha256 -key domain.key -out domain.csr -config domain.conf
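This generates a CSR file named "domain.csr" that contains the public key matching domain.key, the subject details, and the alternate domain names specified in the configuration file. The request is signed with the private key, but the private key itself is not included in it.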
Submit the CSR file to a Certificate Authority (CA) to obtain a signed SSL certificate that can be installed on the server.
Overall, this process allows for the creation of a CSR file with multiple domain names that can be used to obtain a signed SSL certificate to secure those domains.
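The steps above as one script, with a check that the CSR's signature verifies and that every expected name is present in subjectAltName before the file goes to the CA. This is an added example, not part of the original page. Assumptions: the function names make_csr and check_csr are hypothetical, the subject is passed with -subj instead of the interactive prompts, and the distinguished-name section is trimmed to commonName.

```shell
#!/bin/sh
# Added example: build the SAN CSR from the page's config, then verify it.
# make_csr DIR: writes domain.key, domain.conf and domain.csr into DIR.
make_csr() {
    dir=$1
    cat > "$dir/domain.conf" <<'EOF'
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[req_distinguished_name]
commonName = Common Name (e.g. server FQDN or YOUR name)
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.com
DNS.2 = www.example.com
DNS.3 = subdomain.example.com
EOF
    # Restrictive umask so the private key is readable by its owner only.
    ( umask 077; openssl genrsa -out "$dir/domain.key" 2048 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$dir/domain.key" -out "$dir/domain.csr" \
        -config "$dir/domain.conf" -subj "/CN=example.com" 2>/dev/null
}

# check_csr CSR NAME...: succeeds only if the CSR self-signature verifies
# and every NAME appears as an exact DNS entry in subjectAltName.
check_csr() {
    csr=$1; shift
    # Match the "verify OK" message rather than rely on exit status alone.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    sans=$(openssl req -in "$csr" -noout -text 2>/dev/null \
        | sed -n '/Subject Alternative Name/{n;p;}' | tr -d ' ' | tr ',' '\n')
    for name in "$@"; do
        # -x forces a whole-line match, so example.com does not match www.example.com.
        printf '%s\n' "$sans" | grep -qxF "DNS:$name" \
            || { echo "missing SAN: $name" >&2; return 1; }
    done
}

# Demo run in a throwaway directory (names are the page's sample domains).
d=$(mktemp -d) && make_csr "$d" \
    && check_csr "$d/domain.csr" example.com www.example.com subdomain.example.com \
    && echo "CSR OK: signature verifies and all SANs present"
rm -rf "$d"
```

If req_extensions is missing from the [req] section, the CSR is still created but carries no subjectAltName, and check_csr reports each expected name as missing.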