How to create a sample self-signed certificate with SAN using OpenSSL
This article applies to web browser (Chrome, Firefox, etc.) releases deployed on Windows, Linux and macOS systems. OpenSSL version 3.x is required to execute these steps.
Issue:
Modern web browsers require a Subject Alternative Name (SAN) in SSL/TLS certificates. The Common Name (CN) field, historically used for hostname verification, is deprecated due to compatibility and security concerns. Browsers reject certificates lacking SAN with errors like: “Certificate is not valid for the name.”
Affected Version/Platforms: Chrome 58 and later, Firefox, and other modern web browsers.
Resolution: To create a sample SSL/TLS certificate for testing purposes with a Subject Alternative Name (SAN), follow these steps:
- Create the san.cnf Configuration File:

      [ req ]
      default_bits = 2048
      prompt = no
      default_md = sha256
      distinguished_name = dn
      req_extensions = req_ext

      [ dn ]
      CN = yourdomain.com

      [ req_ext ]
      subjectAltName = @alt_names

      [ alt_names ]
      DNS.1 = yourdomain.com
      DNS.2 = www.yourdomain.com
      DNS.3 = api.yourdomain.com

- Generate the CSR and Private Key:

      openssl req -new -nodes -out request.csr -newkey rsa:2048 -keyout private.key -config san.cnf

- (Optional) Verify SAN Entries:

      openssl req -in request.csr -noout -text | grep DNS

- Create the Self-Signed Certificate:

      openssl x509 -req -in request.csr -signkey private.key -out certificate.crt -days 365 -extensions req_ext -extfile san.cnf

Prevention: In case there are issues with a certificate provided from a CA, testing with a self-signed certificate can help with the troubleshooting process.
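The steps above combined into one script that also checks the SAN in the finished certificate, not only in the CSR. This is an added example, not part of the original article; the function names and the temporary working directory are assumptions, and the host names are the article's placeholders.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
set -eu

CN="yourdomain.com"   # placeholder names, as in the article
SANS="yourdomain.com www.yourdomain.com api.yourdomain.com"

# Write san.cnf, then generate key + CSR and self-sign, all inside directory $1.
make_cert() {
  _d=$1; _i=0
  {
    printf '[ req ]\ndefault_bits = 2048\nprompt = no\ndefault_md = sha256\n'
    printf 'distinguished_name = dn\nreq_extensions = req_ext\n'
    printf '[ dn ]\nCN = %s\n' "$CN"
    printf '[ req_ext ]\nsubjectAltName = @alt_names\n[ alt_names ]\n'
    for _h in $SANS; do _i=$((_i + 1)); printf 'DNS.%d = %s\n' "$_i" "$_h"; done
  } > "$_d/san.cnf"
  openssl req -new -nodes -out "$_d/request.csr" -newkey rsa:2048 \
    -keyout "$_d/private.key" -config "$_d/san.cnf"
  # x509 -req does not copy CSR extensions by default; -extfile carries the SAN over.
  openssl x509 -req -in "$_d/request.csr" -signkey "$_d/private.key" \
    -out "$_d/certificate.crt" -days 365 -extensions req_ext -extfile "$_d/san.cnf"
}

# Print the DNS SAN entries of certificate $1, one per line (nothing if no SAN).
cert_sans() {
  openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# True if certificate $1 is valid for host $2. Test a SAN-only name as well:
# OpenSSL may fall back to the CN when a certificate has no SAN; browsers do not.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

workdir=$(mktemp -d)
make_cert "$workdir"
echo "SAN entries in certificate:"; cert_sans "$workdir/certificate.crt"
for host in $SANS; do
  cert_matches_host "$workdir/certificate.crt" "$host" && echo "ok: $host"
done
```

If `cert_sans` prints nothing, the certificate was signed without the `-extensions req_ext -extfile san.cnf` options and browsers will reject it even though the CSR listed the names.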
If further assistance is required, please log a support case or chat with our support engineer.
