This method of generating the certificate with this CSR is useful when using for a web server, as without specifying the req_ext “SAN”, most popular browsers will display an error “ERR:certificate_common_name_invalid”

[ req ]
default_bits = 4096
prompt = no 
encrypt_key = no
default_md = sha256
distinguished_name = dn
req_extensions = req_ext

[ dn ]
CN = example.com
emailAddress = [email protected]
O = Example
Company OU = Example Unit
L = City
ST = State
C = US
[ req_ext ]
subjectAltName = DNS: www.example.com, DNS: mail.example.com, DNS: files.example.com

Fill in the above with relevant details and save it as yourdomain.com.conf Then, run OpenSSL using the below command :

openssl req -new -config yourdomain.com.conf -keyout yourdomain.com.key -out yourdomain.com.csr

If you are doing this for an Apache web server, you’ll have to make sure you have the a2enmod ssl enabled and add the below to your VirtualHost configuration file

 SSLEngine on
 SSLCertificateFile /home/user/certificates/yourhostcert.crt
 SSLCertificateKeyFile /home/user/certificates /yourdomain.com.key
 SSLCertificateChainFile /home/user/certificates/root_combined.cer