From LedHed's Wiki
Revision as of 02:42, 31 March 2016 by Ledhed (Talk | contribs)


Overview

Create a Key

Create a server key in PEM format:

openssl genrsa -out server.key 2048


Create a Config File

Normally when you generate a CSR you are prompted with several questions like Country, State, yadda yadda. You can create a config file which pre-populates these fields. In this case we will use this config file to add in the Subject Alternative Names (SAN).

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = California
localityName = Locality Name (eg, city)
localityName_default = Sacramento
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.yourdomain.com
DNS.2 = webmail.yourdomain.com
DNS.3 = www.otherdomain.com

You can modify the above settings to suit your needs. The most important part is the [alt_names] section. This is where we add the other domains (SAN). You will be able to override the other info when creating the CSR in the next section.
Note: when prompted for commonName, enter your primary domain name.

Create a CSR

Create a server "Certificate Signing Request" (CSR), pointing -config at the config file from the previous section (saved here as server.conf):

openssl req -new -key server.key -out server.csr -config server.conf
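
An added check, not part of the original page: the script below compares the DNS names actually embedded in server.csr with the DNS.n entries under [alt_names] in server.conf, which catches a CSR whose SANs were left out (for example because req_extensions was missing from the config). The function names and the script name check_csr.sh are assumptions made for this example, and it handles DNS entries only.

```shell
#!/bin/sh
# Added example: confirm a CSR carries the SANs listed in the OpenSSL config.

# Print the DNS names from the CSR's subjectAltName extension, sorted.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' |
        sed -n 's/^ *DNS://p' | sort
}

# Print the DNS.n values from the [alt_names] section of the config, sorted.
conf_sans() {
    awk -F'=' '
        /^\[/ { in_alt = ($0 ~ /^\[ *alt_names *\]/); next }
        in_alt && $1 ~ /^ *DNS\.[0-9]+ *$/ { gsub(/[ \t]/, "", $2); print $2 }
    ' "$1" | sort
}

# Succeed only if the config lists at least one name and the CSR has exactly those.
check_csr_sans() {
    want=$(conf_sans "$2")
    [ -n "$want" ] && [ "$(csr_sans "$1")" = "$want" ]
}

# Usage when saved as a script (hypothetical name):
#   sh check_csr.sh server.csr server.conf
if [ "$#" -eq 2 ]; then
    if check_csr_sans "$1" "$2"; then
        echo "SANs in $1 match [alt_names] in $2"
    else
        echo "SAN mismatch: $1 does not carry the names in $2" >&2
        exit 1
    fi
fi
```
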




