Technical Note: [FortiSOAR / Cybersponse Tricks'n'Tips] CSR (Certificate Signing Request) file generation for SAN certificate.
Description
- Log in to the CyOPs server shell.
- Create a SAN (Subject Alternative Names) config file and add the below configuration:
Note: In the configuration, edit the [san_names] section to change or add names.
[csadmin@cyops-dev ~]$ vi san_csr.cnf
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = Common Name (e.g. server FQDN or YOUR name)

[ req_ext ]
subjectAltName = @san_names

[san_names]
DNS.1 = mydomain.com
DNS.2 = mydomain.net
DNS.3 = www.testdomin.org
- Save the above file and run the openssl command to generate .csr and .key files.
openssl req -out ssl_san.csr -newkey rsa:2048 -nodes -keyout san_private.key -config san_csr.cnf
- Here, you will be prompted to enter information that will be incorporated into your certificate request.
- Enter your inputs at the openssl prompts.
- After successful execution, the above command creates the "ssl_san.csr" and "san_private.key" files.
- Send the "ssl_san.csr" file to the certificate signing authority to get a CA-signed SAN SSL certificate.
To verify the SAN names in the generated .csr file:
openssl req -noout -text -in ssl_san.csr |grep DNS
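The `grep DNS` command above only displays the names. As an added example (not part of the original note or of FortiSOAR tooling), the script below checks before submission that the CSR's self-signature verifies, that its public key matches san_private.key, that every name under [san_names] made it into the request, and that the unencrypted key written by -nodes is readable only by its owner; the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-submission checks on the files the note creates.
# Function names are assumptions of this example, not FortiSOAR tooling.

# Print the DNS names carried in the CSR's subjectAltName, one per line.
csr_sans() {
  openssl req -noout -text -in "$1" 2>/dev/null | tr ',' '\n' |
    sed -n 's/^ *DNS:\([^ ]*\) *$/\1/p'
}

# Print the DNS.N values from the [san_names] section of the config file.
cnf_sans() {
  awk -F'=' '/^\[/ { in_san = ($0 ~ /^\[ *san_names *\]/); next }
    in_san && $1 ~ /^ *DNS\.[0-9]+ *$/ { gsub(/[ \t\r]/, "", $2); print $2 }' "$1"
}

# check_csr CSR KEY CNF: print each failed check; return 0 only if all pass.
check_csr() {
  csr=$1; key=$2; cnf=$3; rc=0

  # 1. The request's self-signature must verify (file intact and well-formed).
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
    { echo "FAIL: CSR self-signature does not verify"; rc=1; }

  # 2. The CSR must carry the public half of the private key being kept.
  csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || csr_pub=
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
  { [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]; } ||
    { echo "FAIL: CSR public key does not match $key"; rc=1; }

  # 3. Every name listed under [san_names] must appear in the CSR.
  missing=$(cnf_sans "$cnf" | grep -vxF -e "$(csr_sans "$csr")") || missing=
  [ -z "$missing" ] || { echo "FAIL: SAN missing from CSR: $missing"; rc=1; }

  # 4. -nodes writes the key unencrypted, so only the owner may read it.
  case $(ls -ld "$key" 2>/dev/null) in
    -r[w-]-------*) ;;
    *) echo "FAIL: $key must be mode 600 or 400"; rc=1 ;;
  esac
  return "$rc"
}

# Usage with the note's file names:
#   check_csr ssl_san.csr san_private.key san_csr.cnf && echo "CSR ready to submit"
```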