(Created page with "== Overview == == Create a Key == Create a server key in pem format: openssl genrsa -out server.key 2048 == Create a Config File == Normally when you generate a CSR you a...") |
|||
Line 1: | Line 1: | ||
== Overview == | == Overview == | ||
+ | If you happen to host multiple websites on a single server, you may need to a multi domain SSL certificate. This article will explain how to create a certificate with Subject Alternative Names. This allows you to assign a single cert to all of your sites. Yes you can create an individual cert for each site, but sometimes its nice to manage a single cert. | ||
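Review bot: the added Overview sentence "you may need to a multi domain SSL certificate" has a stray "to" (or a missing verb); suggest "you may need a multi-domain SSL certificate". In the last sentence of the same paragraph, "its nice" should be "it's nice".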
Line 38: | Line 39: | ||
You can modify the above settings to suit your needs. Most importantly is the ''[alt_names]'' section. This is where we add the other domains (SAN). You will be able to override the other info when creating the CSR in the next section. | You can modify the above settings to suit your needs. Most importantly is the ''[alt_names]'' section. This is where we add the other domains (SAN). You will be able to override the other info when creating the CSR in the next section. | ||
− | + | ||
− | + | ||
== Create a CSR == | == Create a CSR == | ||
Create a server "Certificate Signing Request" (CSR): | Create a server "Certificate Signing Request" (CSR): | ||
openssl req -new -key server.key -out server.csr -config server.conf | openssl req -new -key server.key -out server.csr -config server.conf | ||
− | + | '''Note: When prompted for ''commonName:'' to enter your primary domain name.''' | |
− | + | Example: | |
− | + | Common Name (eg, YOUR name) []:yourdomain.com | |
− | + | ||
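Review bot: the added note "When prompted for ''commonName:'' to enter your primary domain name" is not a complete instruction; suggest "When prompted for ''commonName:'', enter your primary domain name." The example answers the prompt with yourdomain.com, so it would also help to say whether that name belongs under ''[alt_names]'' too, since the paragraph above only speaks of adding "the other domains" there.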
Revision as of 02:47, 31 March 2016
Overview
If you happen to host multiple websites on a single server, you may need a multi-domain SSL certificate. This article explains how to create a certificate with Subject Alternative Names (SAN), which allows you to assign a single cert to all of your sites. Yes, you can create an individual cert for each site, but sometimes it's nice to manage a single cert.
Create a Key
Create a server key in PEM format:
openssl genrsa -out server.key 2048
Create a Config File
Normally when you generate a CSR you are prompted with several questions like Country, State, yadda yadda. You can create a config file which pre-populates these fields. In this case we will use this config file to add in the Subject Alternative Names (SAN).
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = California
localityName = Locality Name (eg, city)
localityName_default = Sacramento
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.yourdomain.com
DNS.2 = webmail.yourdomain.com
DNS.3 = www.otherdomain.com
You can modify the above settings to suit your needs. The most important part is the [alt_names] section, which is where we add the other domains (SAN). Save the file as server.conf, the name the command in the next section expects. You will be able to override the other info when creating the CSR in the next section.
Create a CSR
Create a server "Certificate Signing Request" (CSR):
openssl req -new -key server.key -out server.csr -config server.conf
Note: When prompted for commonName, enter your primary domain name.
Example:
Common Name (eg, YOUR name) []:yourdomain.com
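A check to run on the finished CSR before sending it to a CA, added here as an example and not part of the original article: clients that find a subjectAltName in a certificate do not fall back to the Common Name, so the primary domain entered at the prompt must also be listed under [alt_names], which the sample config above does not do. The function names and the sample text dump are constructed for illustration.

```shell
# Added example (not from the original page). Function names and the sample
# text are constructed. Real use:
#   openssl req -in server.csr -noout -text | check_csr_text

san_names() {   # SAN DNS names, one per line, from the text dump on stdin
    awk '/X509v3 Subject Alternative Name/ { grab = 1; next }
         grab { n = split($0, p, ",")
                for (i = 1; i <= n; i++) {
                    gsub(/^[ \t]+|[ \t]+$/, "", p[i])
                    if (p[i] ~ /^DNS:/) print tolower(substr(p[i], 5))
                }
                grab = 0 }'
}

subject_cn() {  # subject CN; accepts both "CN=name" and "CN = name"
    awk '/^[ \t]*Subject:/ && match($0, /CN *= *[^,]+/) {
             cn = substr($0, RSTART, RLENGTH)
             sub(/^CN *= */, "", cn); gsub(/[ \t]/, "", cn)
             print tolower(cn); exit }'
}

covered() {     # is host $1 matched by a SAN on stdin (exact or one-label wildcard)?
    while IFS= read -r san; do
        [ "$san" = "$1" ] && return 0
        case "$san" in
            \*.*) [ "${1#*.}" = "${san#??}" ] && return 0 ;;
        esac
    done
    return 1
}

check_csr_text() {  # 0 = CN is a SAN, 1 = CN missing from SANs, 2 = no SAN at all
    text=$(cat)
    cn=$(printf '%s\n' "$text" | subject_cn)
    sans=$(printf '%s\n' "$text" | san_names)
    [ -n "$sans" ] || { echo "FAIL: request has no subjectAltName"; return 2; }
    if printf '%s\n' "$sans" | covered "$cn"; then
        echo "OK: CN $cn is also a SAN"
    else
        echo "FAIL: CN $cn is not a SAN; add it under [alt_names]"; return 1
    fi
}

# Constructed dump of a CSR built from the page's config with CN yourdomain.com
SAMPLE='        Subject: C = US, ST = California, L = Sacramento, CN = yourdomain.com
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:www.yourdomain.com, DNS:webmail.yourdomain.com, DNS:www.otherdomain.com'
printf '%s\n' "$SAMPLE" | check_csr_text || true
```

Exit status 2 also catches a CSR generated without -config server.conf, where the SAN extension is silently absent.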