Create a Post
Showing results for 
Search instead for 
Did you mean: 

Adding a SAN to a CSR to be used for IPSec\SSL VPN


I have a 3rd party signed certificate that I use for VPN connections - the issue I have is that through the CSR generating process, I am not presented with an option to add a subject alternative name (SAN).

The reason I want to have a SAN in the certificate is due to other people who don't access the VPN by DNS name but by IP Address, they get an alert that the connection is not secure.

I use the CLI method to generate the CSR (sk69660).


When I use the GUI method to create the CSR, we get an error generating the cert - the GUI method does have an option to add the SAN (this is where I found the GUI method -

Please help?

0 Kudos
1 Reply



There is no need to add the SAN to the CSR, some CA's accept to add additional SANs at the time of generation. 

See if your Certificate provider can support that.


If you still want to add SANs to your CSR, you need to add smth like below to your openssl.cnf file you address .

MAKE SURE YOU HAVE the req_extensions to get the SAN's in the CSR!!!!!!


# req_extensions = v3_req # The extensions to add to a certificate request


req_extensions = req_ext # The extensions to add to a certificate request


[ req_ext ]

subjectAltName = @ckp_names

[ CKP_names ]

DNS.1 = u-fw01.a#$#$%#$

DNS.2 = u-fw02.a#$#$%#$

DNS.3 = u-fw4.a#$#$%#$


Thank you and have a nice week,


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events