In this example I used the config file made in this post, and a CSR from this post.
1
| openssl x509 -days 3650 -CA certs/ca-root.pem -CAkey private/ca-root.key -req -in csr/example.com.csr -outform PEM -out certs/example.com.crt -CAserial serial -extfile <(cat conf/caconfig.cnf <(printf "[SAN]\nsubjectAltName=DNS:example.com,IP:127.0.1.1")) -extensions SAN
|
1 2 3 4 5 6
| openssl x509 -days 3650 -CA certs/ca-root.pem \ true-CAkey private/ca-root.key -req -in csr/example.com.csr \ true-outform PEM -out certs/example.com.crt \ true-CAserial serial \ true-extfile <(cat conf/caconfig.cnf <(printf "[SAN]\nsubjectAltName=DNS:example.com,IP:127.0.1.1")) \ true-extensions SAN
|
You have the signed certificate with the alternative names in place.