Creating UCC/SAN Certificates
Below is the OpenSSL process for creating UCC/SAN certificates. Steps:
- Create a sub-directory to store all of the certificate files.
- Create the configuration file, saving the file as <webaddress>.conf
- Generate the CSR for the SAN certificate
Create a configuration File
The only way to create a UCC/SAN certificate is to create an OpenSSL configuration file and specify the Subject Alternative Names in it. You can then generate the CSR by passing the config file to the OpenSSL command.

    [ req ]
    # RSA key size in bits. 2048 is the minimum publicly trusted CAs accept
    # (the sample output further down shows a 1024-bit run).
    default_bits = 2048
    default_keyfile = private_key.pem
    distinguished_name = req_distinguished_name
    # The extensions section contains the reference to the subject alternative names.
    req_extensions = req_ext

    [ req_distinguished_name ]
    countryName = Country Name (2 letter code)
    countryName_default = US
    stateOrProvinceName = State or Province Name (full name)
    stateOrProvinceName_default = Illinois
    localityName = Locality Name (eg, city)
    localityName_default = Chicago
    organizationName = Organization Name (eg, company)
    organizationName_default = Example, Co.
    commonName = Common Name (eg, YOUR name)
    commonName_max = 64

    [ req_ext ]
    subjectAltName = @alternate_names

    [ alternate_names ]
    DNS.1 = test.domain.com
    DNS.2 = other.domain.com
    DNS.3 = www.domain.net
Generate the CSR Using OpenSSL and a Configuration File
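Issue the req command with -new to create a new request, -nodes so that the private key is written without a passphrase, -out <webaddress>.csr as the output file, and -config <webaddress>.conf as the config file. Because -nodes leaves the key unencrypted on disk, restrict read access to the key file. The sample run below uses myreq.csr and req.conf for the two file names.

    openssl req -new -nodes -out myreq.csr -config req.conf
    Generating a 1024 bit RSA private key
    ............................................................++++++
    ..++++++
    writing new private key to 'privkey.pem'
    -----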
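As an added example (not part of the original page), the script below generates the request without prompts and then reads the CSR back to confirm that every name reached the Subject Alternative Name extension and that the key is at least 2048 bits. The function names, the prompt = no setting and the -keyout path are choices made for this example; the host names are the page's sample values.

```shell
# Added example, not from the original page. Host and file names are samples.
set -eu

# make_san_csr <dir> <common-name> <san>...  (body runs in a subshell)
make_san_csr() (
    dir=$1 cn=$2 i=1
    shift 2
    umask 077    # -nodes leaves the private key unencrypted on disk
    mkdir -p "$dir"
    {
        printf '%s\n' '[ req ]' 'default_bits = 2048' 'prompt = no' \
            'distinguished_name = req_distinguished_name' \
            'req_extensions = req_ext' \
            '[ req_distinguished_name ]' 'countryName = US' \
            'stateOrProvinceName = Illinois' 'localityName = Chicago' \
            'organizationName = Example, Co.' "commonName = $cn" \
            '[ req_ext ]' 'subjectAltName = @alternate_names' \
            '[ alternate_names ]'
        for name in "$@"; do printf 'DNS.%d = %s\n' "$i" "$name"; i=$((i + 1)); done
    } > "$dir/req.conf"
    openssl req -new -nodes -config "$dir/req.conf" \
        -keyout "$dir/private_key.pem" -out "$dir/myreq.csr" 2>/dev/null
)

# csr_sans <csr>: print each DNS name in the request, one per line
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# csr_key_bits <csr>: print the public key size in bits
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit.*/\1/p'
}

# check_csr <csr> <name>...: fail if the key is under 2048 bits or a name is absent
check_csr() {
    local csr=$1 found name
    shift
    [ "$(csr_key_bits "$csr")" -ge 2048 ] || { echo "key too small" >&2; return 1; }
    found=$(csr_sans "$csr")
    for name in "$@"; do
        printf '%s\n' "$found" | grep -qxF -- "$name" ||
            { echo "missing SAN: $name" >&2; return 1; }
    done
}
```

Run check_csr against the CSR before submitting it: a request whose config omitted req_extensions still generates cleanly but carries no alternative names.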
Combining Key and Cert into PFX with Intermediate Certs
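    # -certfile adds the intermediate certificates to the PFX; -CAfile only names a CA store and bundles nothing unless -chain is also given.
    openssl pkcs12 -export -in CERTIFICATE.crt -inkey KEYFILE.pem -out SITE.pfx -certfile INTERMEDIATE_CERT.crt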
