openssl

Create certificate with SAN included (by command line arguments)


I am using OpenSSL 3.0 to create a certificate with a SAN included.

    openssl genrsa -out server.key 2048
    openssl req -new -key server.key -out server.csr -subj "/C=US/O=SAM/OU=Certs/CN=HaHa" -addext "subjectAltName=DNS:haha.sam123-whatever-000.com"
    openssl x509 -req -days 365 -in server.csr -key server.key -out server.cer

I do not get any errors in creation, but neither the CSR nor the certificate has the SAN included.

I read some tutorials on including a SAN with OpenSSL in a one-liner (without a config file created) and normally this should work.

What's the problem here?


Solution

  • In order to copy X.509 v3 extensions from your CSR to your cert, add -copy_extensions copy to your openssl x509 command, like so:

    openssl x509 -req -copy_extensions copy -days 365 -in server.csr -key server.key -out server.cer
    

    Enjoy.
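
A quick way to check the fix, added here as an example and not part of the original question or answer: it rebuilds the key and CSR with the question's subject and SAN in a temporary directory, signs the CSR with and without -copy_extensions copy, and prints the SAN found in each file. The function names san_of and compare_signing are made up for this example, and OpenSSL 3.0 or later is assumed.

```shell
#!/bin/sh
# Added example: compare signing a CSR with and without -copy_extensions copy.
# Assumes the OpenSSL 3.0+ CLI; san_of and compare_signing are hypothetical names.

SUBJ="/C=US/O=SAM/OU=Certs/CN=HaHa"        # subject from the question
SAN="DNS:haha.sam123-whatever-000.com"     # SAN from the question

# Print the subjectAltName value of a CSR or certificate, or nothing if absent.
# $1 = "req" or "x509", $2 = file to inspect
san_of() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n1 | sed 's/^ *//; s/ *$//'
}

# Create key and CSR, self-sign twice, and report the SAN seen in each file.
# Prints three lines: csr=<san>, plain=<san>, copied=<san>.
compare_signing() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "$SUBJ" -addext "subjectAltName=$SAN"
    # Signing command as in the question: requested extensions are dropped.
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -key "$dir/server.key" -out "$dir/plain.cer" 2>/dev/null
    # Signing command as in the answer: requested extensions are copied.
    openssl x509 -req -copy_extensions copy -days 365 -in "$dir/server.csr" \
        -key "$dir/server.key" -out "$dir/copied.cer" 2>/dev/null
    echo "csr=$(san_of req "$dir/server.csr")"
    echo "plain=$(san_of x509 "$dir/plain.cer")"
    echo "copied=$(san_of x509 "$dir/copied.cer")"
    rm -rf "$dir"
}

compare_signing
```

When signing CSRs that come from other parties rather than self-signing your own, inspect the requested extensions first, because copy carries over whatever the requester put in the CSR.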