Sunday, January 24, 2021

Generating Certificate Signing Request (CSR) for Multi Domain

For multi domain, we have to create a config file for openssl command to refer to, since the interactive mode would not, by default ask for multi domain in a CSR creation.

To create the config file, please follow below command (this example is for

$ cat >> www-portal.mydomain.conf <<EOF


distinguished_name = req_distinguished_name

req_extensions = v3_req

prompt = no


C = MY

ST = Selangor

L = Cyberjaya

O = MyCompany

OU = Software Development Division

CN =


keyUsage = keyEncipherment, dataEncipherment

extendedKeyUsage = serverAuth

subjectAltName = @alt_names


DNS.1 =


Run openssl CSR creation command against the config file

$ openssl req -new -newkey rsa:2048 -nodes -keyout www-portal.mydomain.key -out www-portal.mydomain.csr -config www-portal.mydomain.conf

Once generated, we can send the CSR to the Certificate Authority (usually SSL provider), to get our cert. This one CSR is usable for 2 domains, which are and

No comments: