How do I set up a Subject Alternate Name

August 11, 2015 1.1k views
Miscellaneous Arch Linux

I am dealing with Amazon AWS and they require that my certificate have a "Subject Alternate Name". How do I enter that on my self-signed certificate? Can I add it to an existing certificate (.pem)?

1 comment
1 Answer

In order to have a Subject Alternate Name (SAN) on an SSL certificate, you must first edit your OpenSSL configuration. On Ubuntu/Debian, that can be found at /etc/ssl/openssl.cnf Find the section of that file with the heading [ v3_ca ], you can add the line with your SAN there:

subjectAltName =

If you need to use more than one SAN, you can use this format:

[ v3_req ]
# Snipping the other items that appear here for brevity
subjectAltName = @alt_names

DNS.1 =
DNS.2 =

Find more info on the CAcerts wiki.

Have another answer? Share your knowledge.