{"id":32,"date":"2018-02-06T11:17:39","date_gmt":"2018-02-06T17:17:39","guid":{"rendered":"https:\/\/tech.my-netsol.com\/?p=32"},"modified":"2018-02-06T11:17:39","modified_gmt":"2018-02-06T17:17:39","slug":"know-about-san-certificate-and-how-to-create-with-openssl","status":"publish","type":"post","link":"https:\/\/tech.my-netsol.com\/?p=32","title":{"rendered":"Know about SAN Certificate and How to Create With OpenSSL"},"content":{"rendered":"<div class=\"site-container\">\n<div class=\"site-inner\">\n<div class=\"scroll-wrap entry post-8251\">\n<div class=\"post-wrapper clearfix\">\n<article class=\"post-8251 post type-post status-publish format-standard has-post-thumbnail category-security entry\">\n<header class=\"entry-header\">\n<div class=\"thumbnail-wrapper\">\n<div class=\"title-wrappre\">\n<div class=\"sp-mask-inner\">\n<div class=\"sp-item-title\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/header>\n<div class=\"entry-content clearfix\">\n<div class=\"nc_socialPanel swp_flatFresh swp_d_colorOutlines swp_i_fullColor swp_o_fullColor scale-100 scale-fullWidth swp_one\" data-emphasize=\"0\" data-floatcolor=\"#ffffff\" data-count=\"5\" data-float=\"floatNone\" data-position=\"both\">\n<div class=\"nc_tweetContainer totes totesalt\" data-id=\"6\"><a href=\"https:\/\/geekflare.com\/san-ssl-certificate\/\"><span class=\"swp_count\">Original here &#8211;\u00a0<\/span><\/a><\/div>\n<\/div>\n<p class=\"intro\">Reduce SSL cost and maintenance by using a single SAN certificate for multiple websites.<\/p>\n<p>SAN stands for \u201c<strong>Subject Alternative Names<\/strong>\u201d, and it lets you have a single certificate for multiple CNs (Common Names). You might be thinking this is a <a href=\"https:\/\/geekflare.com\/wildcard-ssl-certificate-to-reduce-it-infrastructure-cost\/\">wildcard SSL<\/a> certificate, but let me tell you \u2013 it\u2019s slightly different. 
In a SAN certificate, you can have multiple <strong>complete<\/strong> CNs.<\/p>\n<p><strong>For example:<\/strong><\/p>\n<ul>\n<li>Geekflare.com<\/li>\n<li>Bestflare.com<\/li>\n<li>Usefulread.com<\/li>\n<li>Chandank.com<\/li>\n<\/ul>\n<p>I can have all of the above, and many more, in just a single certificate. This means I only have to buy one cert and can use it for multiple URLs. Sounds interesting?<\/p>\n<p>Creating a CSR for SAN is slightly different from the traditional <a href=\"https:\/\/geekflare.com\/openssl-commands-certificates\/\">OpenSSL command<\/a>; I will explain below how to generate a CSR for a Subject Alternative Names SSL certificate.<\/p>\n<p>Let\u2019s take a look at a real-world example, skype.com, which has many SANs in a single certificate.<\/p>\n<div class=\"sw-pinit alignnone size-full wp-image-8252\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/geekflare.com\/wp-content\/uploads\/2015\/09\/skype-san.png\" sizes=\"auto, (max-width: 540px) 100vw, 540px\" srcset=\"https:\/\/geekflare.com\/wp-content\/uploads\/2015\/09\/skype-san.png 540w, https:\/\/geekflare.com\/wp-content\/uploads\/2015\/09\/skype-san-175x264.png 175w, https:\/\/geekflare.com\/wp-content\/uploads\/2015\/09\/skype-san-416x628.png 416w, https:\/\/geekflare.com\/wp-content\/uploads\/2015\/09\/skype-san-331x500.png 331w\" alt=\"skype-san\" width=\"540\" height=\"815\" \/><\/div>\n<p>As you can see in the above example, if you are managing multiple HTTPS URLs, you may consider consolidating them into a single SSL cert with SAN and save thousands of dollars. 
What do you think about this?<\/p>\n<h2>Procedure to create CSR with SAN<\/h2>\n<ul>\n<li>Log in to the server where you have OpenSSL installed<\/li>\n<li>Go to \/tmp or create any directory<\/li>\n<li>Create a file named <strong>san.cnf<\/strong> using vi (if on Unix) with the following information<\/li>\n<\/ul>\n<pre>[ req ]\ndefault_bits       = 2048\ndistinguished_name = req_distinguished_name\nreq_extensions     = req_ext\n[ req_distinguished_name ]\ncountryName                 = Country Name (2 letter code)\nstateOrProvinceName         = State or Province Name (full name)\nlocalityName                = Locality Name (eg, city)\norganizationName            = Organization Name (eg, company)\ncommonName                  = Common Name (e.g. server FQDN or YOUR name)\n[ req_ext ]\nsubjectAltName = @alt_names\n[alt_names]\n<strong>DNS.1<\/strong>   = bestflare.com\n<strong>DNS.2<\/strong>   = usefulread.com\n<strong>DNS.3<\/strong>   = chandank.com<\/pre>\n<p><strong>Note:<\/strong> The alt_names section is the one you have to change to add additional DNS names.<\/p>\n<ul>\n<li>Save the file and execute the following OpenSSL command, which will generate the CSR and KEY files<\/li>\n<\/ul>\n<pre>openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf<\/pre>\n<p>This will create sslcert.csr and private.key in the present working directory. 
You have to send sslcert.csr to the certificate signing authority so they can provide you with a certificate with SAN.<\/p>\n<h2>How to verify CSR for SAN?<\/h2>\n<p>It is a good idea to check that your CSR contains the SANs you specified above in the san.cnf file.<\/p>\n<pre>openssl req -noout -text -in sslcert.csr | grep DNS<\/pre>\n<p><strong>Ex:<\/strong><\/p>\n<pre>[root@Chandan test]# openssl req -noout -text -in sslcert.csr | grep DNS\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <strong>DNS:bestflare.com, DNS:usefulread.com, DNS:chandank.com<\/strong>\n[root@Chandan test]#<\/pre>\n<p>You can also use <a href=\"https:\/\/geekflare.com\/ssl-test-certificate\/\">online tools<\/a> to verify the SAN and many other parameters. I hope this helps you understand SAN certificates.<\/p>\n<\/div>\n<\/article>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Original here &#8211;\u00a0 Reduce SSL cost and maintenance by using\u00a0single certificate for multiple websites using SAN certificate SAN stands for \u201cSubject Alternative Names\u201d and this helps you to have a single certificate for multiple CN (Common Name). You might be thinking this is wildcard SSL but let me tell you \u2013 it\u2019s slightly different. 
In &#8230; <a title=\"Know about SAN Certificate and How to Create With OpenSSL\" class=\"read-more\" href=\"https:\/\/tech.my-netsol.com\/?p=32\" aria-label=\"Read more about Know about SAN Certificate and How to Create With OpenSSL\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[11,4,1],"tags":[15,16,17,20],"class_list":["post-32","post","type-post","status-publish","format-standard","hentry","category-linux","category-ssl","category-uncategorized","tag-csr","tag-openssl","tag-san","tag-wildcard"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=\/wp\/v2\/posts\/32","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=32"}],"version-history":[{"count":0,"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=\/wp\/v2\/posts\/32\/revisions"}],"wp:attachment":[{"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=32"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech.my-netsol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=32"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech.
my-netsol.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=32"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}