---
title: "Create a CSR with SAN"
tags: ['Certificates', 'OpenSSL', 'Quick Note', 'TLS']
date: 2022-12-20T13:56:56.467033+00:00
---
Another quick note today: how to generate a CSR for a basic certificate supported by modern browsers (includes `Subject Alternative Name`).

## Config file

```toml
# example.conf
[req]
prompt = no
distinguished_name = dn
req_extensions = req_ext

[dn]
CN = example.com
O = Company Name
L = Lyon
C = FR

[req_ext]
subjectAltName = DNS: example.com, IP: 192.168.1.1
```

Of course, remember to adjust the settings according to the organization you're creating the CSR for:

* `[dn]` (distinguished name) section
* `subjectAltName` line (DNS and IP)

## Private key

```bash
openssl genrsa -out example.key 4096
```

## CSR

```bash
openssl req -new -config example.conf -key example.key -out example.csr
```