How do I set up a Subject Alternate Name

Posted August 11, 2015 6.1k views
MiscellaneousArch Linux

I am dealing with Amazon AWS and they require that my certificate have a “Subject Alternate Name”. How do I enter that on my self-signed certificate? Can I add it to an existing certificate (.pem)?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

In order to have a Subject Alternate Name (SAN) on an SSL certificate, you must first edit your OpenSSL configuration. On Ubuntu/Debian, that can be found at /etc/ssl/openssl.cnf Find the section of that file with the heading [ v3_ca ], you can add the line with your SAN there:

subjectAltName =

If you need to use more than one SAN, you can use this format:

[ v3_req ]
# Snipping the other items that appear here for brevity
subjectAltName = @alt_names

DNS.1 =
DNS.2 =

Find more info on the CAcerts wiki.