Create a Self-signed Certificate with a SAN (Subject Alternative Name)

Publication date: Aug 6, 2025
Steps

QUESTION

I would like to create a certificate with a SAN for testing in BYOK RTF (Runtime Fabric on Self-Managed Kubernetes).

ANSWER

1. Find your openssl.cnf file. On a MacBook it is likely located under /usr/local; alternatively, you can use the attached sample file.
$ openssl version
OpenSSL 1.1.1l  24 Aug 2021

$ find /usr/local -name openssl.cnf
/usr/local/etc/openssl@1.1/openssl.cnf
/usr/local/Cellar/openssl@1.1/1.1.1l_1/.bottle/etc/openssl@1.1/openssl.cnf
/usr/local/Cellar/openssl@1.1/1.1.1l/.bottle/etc/openssl@1.1/openssl.cn
...

2. Add an alternate_names section to openssl.cnf with the names you want to use. 
[ alternate_names ]

DNS.1        = api.example.com
DNS.2        = www.example.com

3. Create the private key and certificate (private.key & certificate.pem)
$ openssl genrsa -out private.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................+++++
........................................................................................+++++
e is 65537 (0x010001)

$ openssl req -new -x509 -key private.key -sha256 -out certificate.pem -days 730 -config ./openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:NSW
Locality Name (eg, city) []:Sydney
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example
Organizational Unit Name (eg, section) []:www
Common Name (e.g. server FQDN or YOUR name) []:api
Email Address []:

4. Check the certificate and confirm that the X509v3 Subject Alternative Name extension lists the names you added
$ openssl x509 -noout -text -in certificate.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:e7:9a:4a:a0:aa:0b:c9:32:0d:36:4e:34:3f:d1:6e:f9:a2:b4:6c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = AU, ST = NSW, L = Sydney, O = Example, OU = www, CN = api
        Validity
            Not Before: Oct 29 01:06:43 2021 GMT
            Not After : Oct 29 01:06:43 2023 GMT
        Subject: C = AU, ST = NSW, L = Sydney, O = Example, OU = www, CN = api
...
            X509v3 Subject Alternative Name:
                DNS:api.example.com, DNS:www.example.com
...
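
The four steps above as one non-interactive script, added here as an example and not part of the original article. It assumes a standalone config file named san.cnf with section names dn and v3_ext chosen for illustration; the subjectAltName = @alternate_names line in the extensions section is what makes OpenSSL read the alternate_names section.

```shell
# Added example. san.cnf, [ dn ] and [ v3_ext ] are names chosen here.
# Usage: d=$(mktemp -d) && make_san_cert "$d" && san_of "$d/certificate.pem"

# make_san_cert DIR: write san.cnf, private.key and certificate.pem into DIR.
make_san_cert() {
    dir=$1
    cat > "$dir/san.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_ext

[ dn ]
C  = AU
ST = NSW
L  = Sydney
O  = Example
OU = www
CN = api

[ v3_ext ]
# This reference is what makes openssl read alternate_names.
subjectAltName = @alternate_names

[ alternate_names ]
DNS.1 = api.example.com
DNS.2 = www.example.com
EOF
    # umask 077 keeps the private key unreadable by other local users.
    ( umask 077 && openssl genrsa -out "$dir/private.key" 2048 2>/dev/null ) &&
    openssl req -new -x509 -key "$dir/private.key" -sha256 \
        -out "$dir/certificate.pem" -days 730 -config "$dir/san.cnf"
}

# san_of CERT: print the SAN list; prints nothing if the extension is absent.
san_of() {
    openssl x509 -noout -text -in "$1" |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# has_san CERT NAME: succeed only if NAME is an exact DNS entry in the SAN.
has_san() {
    san_of "$1" | tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$2"
}
```

Because has_san matches whole entries, a certificate listing only api.example.com and www.example.com is not accepted for example.com.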

 

ADDITIONAL INFORMATION

Disclaimer: This article involves products and technologies which do not form part of the MuleSoft product set. Technical assistance for such products is limited to this article.

Additional resources
openssl.cnf
Knowledge article number

001116708

 