OpenSSL: how to generate a CSR with interactively solicited Subject Alternative Names (SANs)?

view story

http://serverfault.com – I wish to configure OpenSSL such that when running openssl req -new to generate a new certificate signing request, I am prompted for any alternative subject names to include on the CSR. I have added this line to the [req_attributes] section of my openssl.cnf: subjectAltName = Alternative subject names This has the desired effect that I am now prompted for SANs when generating a CSR: $ openssl req -new -out test.csr -key ./test.key <<< You are about to be asked to enter information that will be incorporated into your certificate request. (HowTos)