How to create a SAN certificate

Michael Richardson mcr at
Sat May 21 10:45:26 UTC 2022

Henning Svane <hsv at> wrote:
    > I am using OpenSSL 1.1.1f Is there a way to make a SAN certificate
    > based on the CSR I have created in Exchange.  I need a self-signed
    > certificate for testing.

I'm not exactly sure what you think a SAN certificate is.
I guess one with a SubjectAltName extension.  Mostly, all certificates have
that these days, but whether or not the Subject is entirely filled out is a
different question.

To form a self-signed certificate from a CSR, use openssl req.
You may need a configuration file, serial number, expiry and algorithm.
You'll need access to the private key.


Some of us maintain a document on generated test CAs for ECDSA and EDDSA
key types at:
while it is in the form of an IETF ID, it is not intended for publication.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr at        |   ruby on rails    [

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <>

More information about the openssl-users mailing list