Adding subjectAltName in openssl
I have been looking for the way how to generate CSR included subjectAltName. This is a supplemental article for X509証明書項目-対象者代替名称(subjectAlternativeName) - Shammerism.
- enable(remove comment character) the line "req_extensions = v3_req"
- enable following configuration in openssl.cnf like below
[ v3_req ] subjectAltName=$ENV::SAN
Next, generate CSR by opennssl req command. I have no idea about the detail but SAN should include "DNS:". The value just included Hostname only is invalid. When the value is invalid, you would see the message "Error Loading request extension section v3_req".