I am dealing with Amazon AWS and they require that my certificate have a “Subject Alternate Name”. How do I enter that on my self-signed certificate? Can I add it to an existing certificate (.pem)?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

In order to have a Subject Alternate Name (SAN) on an SSL certificate, you must first edit your OpenSSL configuration. On Ubuntu/Debian, that can be found at /etc/ssl/openssl.cnf Find the section of that file with the heading [ v3_ca ], you can add the line with your SAN there:

subjectAltName = www.example.com

If you need to use more than one SAN, you can use this format:

[ v3_req ]
# Snipping the other items that appear here for brevity
subjectAltName = @alt_names

DNS.1 = mail.example.com
DNS.2 = www.example.com

Find more info on the CAcerts wiki.

Submit an Answer