SAN stands for Subject Alternative Name. It allows a single certificate to cover multiple names.
It differs from a wildcard certificate because a SAN certificate can list several complete names (e.g. byruit.io, elena.com).
First, create a .conf file (called san.conf in the command further down) with this content:
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
# With prompt = no the values below are used as-is, so they must be real values, not prompt text
prompt = no
[ req_distinguished_name ]
# Placeholders: replace with your own details (countryName must be a 2-letter code)
countryName = XX
stateOrProvinceName = Example State
localityName = Example City
organizationName = Example Organization
commonName = byruit.io
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = mail.compukitty.net
DNS.2 = monitor.compukitty.net
DNS.3 = compukitty.net
# The CN is repeated here as a SAN entry
DNS.4 = byruit.io
IP.1 = 10.130.8.7
The CN is the main domain you want to verify; make sure this domain is also listed under [alt_names]. You can add up to 250 domains.
Generate the CSR and the private key (-nodes writes the key to byruit.key unencrypted, so restrict access to that file):
openssl req -new -out byruit.csr -newkey rsa:4096 -nodes -sha256 -keyout byruit.key -config san.conf
To verify the CSR:
openssl req -text -noout -verify -in byruit.csr
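The rule stated above, that the CN must also be listed under [alt_names], can be checked on the finished CSR. The script below is an added example, not part of the original page: it parses the output of openssl req -text -noout, and its function names and sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads the text dump of a CSR (openssl req -text -noout)
# on stdin and checks that the subject CN also appears as a DNS SAN entry.

# Constructed sample dump: the CN was left out of [alt_names].
SAMPLE_DUMP='Certificate Request:
    Data:
        Subject: C = XX, ST = Example State, O = Example Org, CN = byruit.io
        Requested Extensions:
            X509v3 Subject Alternative Name: 
                DNS:mail.compukitty.net, DNS:monitor.compukitty.net, DNS:compukitty.net, IP Address:10.130.8.7'

# Print the CN from the "Subject:" line ("CN = x" and "CN=x" both occur).
csr_cn() {
    sed -n 's/^ *Subject:.*CN *= *\([^,/]*\).*$/\1/p' | sed 's/ *$//' | head -n 1
}

# Print one DNS SAN entry per line; IP entries are skipped.
csr_san_dns() {
    awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
        tr ',' '\n' | sed -n 's/^ *DNS: *\([^ ]*\) *$/\1/p'
}

# Exit status: 0 = CN is in the SAN list, 1 = CN missing, 2 = dump unusable.
check_cn_in_san() {
    dump=$(cat)
    cn=$(printf '%s\n' "$dump" | csr_cn)
    [ -n "$cn" ] || { echo "no CN found in Subject" >&2; return 2; }
    sans=$(printf '%s\n' "$dump" | csr_san_dns)
    [ -n "$sans" ] || { echo "no DNS entries in subjectAltName" >&2; return 2; }
    # -x matches whole lines, so compukitty.net does not match mail.compukitty.net
    if printf '%s\n' "$sans" | grep -qixF -- "$cn"; then
        echo "OK: CN $cn is listed in subjectAltName"
    else
        echo "MISSING: CN $cn is not in subjectAltName" >&2
        return 1
    fi
}

# Real use: openssl req -in byruit.csr -noout -text | check_cn_in_san
printf '%s\n' "$SAMPLE_DUMP" | check_cn_in_san || echo "exit status: $?"
```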