```bash
cat > san.cnf <<EOF
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = Common Name (e.g. server FQDN or YOUR name)

[ v3_req ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.netsarang.com
DNS.2 = localhost
IP.1 = 127.0.0.1
IP.2 = 192.168.14.37
EOF
```

```bash
openssl x509 -noout -text -in server.crt | grep DNS
```
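Signing a multi-domain server certificate with the root CA (example from the web, the scenario where the bug occurs)

4.1 Create the ca directory

```bash
cd /tmp && mkdir ca && cd ca
```

4.2 Create the configuration file san.cnf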
```bash
cat > san.cnf <<EOF
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = Common Name (e.g. server FQDN or YOUR name)

[ v3_req ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.netsarang.com
DNS.2 = localhost
IP.1 = 127.0.0.1
IP.2 = 192.168.14.37
EOF
```
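The `grep DNS` check shown earlier does not cover the `IP.*` entries. The script below is an added example, not code from the original page: it lists every SAN that `san.cnf` requests but a signed certificate lacks. It assumes the failure of interest is SANs not reaching the signed certificate; by default `openssl x509 -req` does not copy the CSR's extensions unless `-extfile`/`-extensions` are passed. The function names, the trimmed config, and the throwaway CA and `no_san.crt`/`with_san.crt` files are constructed for the demo.

```shell
# Added example: list SANs that san.cnf requests but the issued certificate lacks.

# SAN entries in [alt_names] of an OpenSSL config, one per line, e.g. "DNS:localhost".
expected_sans() {
  awk -F' *= *' '/^\[/ { in_sec = ($0 ~ /^\[ *alt_names *\]/); next }
    in_sec && NF == 2 { sub(/\.[0-9]+$/, "", $1); print $1 ":" $2 }' "$1"
}
# SAN entries actually present in a certificate, normalised to the same form.
cert_sans() {
  openssl x509 -noout -text -in "$1" |
    awk '/X509v3 Subject Alternative Name/ { getline; print }' |
    tr ',' '\n' | sed -e 's/^ *//' -e 's/^IP Address:/IP:/'
}
# Print every expected SAN missing from the certificate (no output: all present).
missing_sans() {
  have=$(cert_sans "$2")
  expected_sans "$1" | while read -r san; do
    printf '%s\n' "$have" | grep -Fxq -- "$san" || printf '%s\n' "$san"
  done
}
# Constructed demo: throwaway CA, one CSR, signed without and with -extfile.
make_demo_certs() {
  d=$(mktemp -d) || return 1
  ( cd "$d" || exit 1
    cat > san.cnf <<EOF
[ req ]
distinguished_name = dn
req_extensions = v3_req
[ dn ]
commonName = Common Name
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = www.netsarang.com
DNS.2 = localhost
IP.1 = 127.0.0.1
IP.2 = 192.168.14.37
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -days 1 -subj "/CN=Demo Root CA" -config san.cnf
    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr -subj "/CN=www.netsarang.com" -config san.cnf
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 1 -out no_san.crt
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 1 -extfile san.cnf -extensions v3_req -out with_san.crt
  ) >/dev/null 2>&1 || return 1
  echo "$d"
}

# Demo run: no_san.crt is missing all four SANs, with_san.crt is missing none.
demo=$(make_demo_certs) && for c in no_san with_san; do
  echo "$c.crt is missing:"; missing_sans "$demo/san.cnf" "$demo/$c.crt"; done
```

Against a real deployment, call `missing_sans san.cnf server.crt` and treat any output as a failed issuance.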
References
OPENSSL X509
[Provide subjectAltName to openssl directly on the command line](https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line)