For multi domain, we have to create a config file for openssl command to refer to, since the interactive mode would not, by default ask for multi domain in a CSR creation.
To create the config file, please follow below command (this example is for mydomain.com)
$ cat >> www-portal.mydomain.conf <<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = MY
ST = Selangor
L = Cyberjaya
O = MyCompany
OU = Software Development Division
CN = www.mydomain.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = portal.mydomain.com
EOF
Run openssl CSR creation command against the config file
$ openssl req -new -newkey rsa:2048 -nodes -keyout www-portal.mydomain.key -out www-portal.mydomain.csr -config www-portal.mydomain.conf
Once generated, we can send the CSR to the Certificate Authority (usually SSL provider), to get our cert. This one CSR is usable for 2 domains, which are www.mydomain.com and portal.mydomain.com.
No comments:
Post a Comment