Why?
The purpose of a SAN (Subject Alternative Name) is to let one certificate carry multiple names (in effect, multiple CNs). It is used instead of a wildcard CN (*.domain.com) when the same certificate will be used for multiple subdomains.
How?
1- Create a configuration file as below.
vi req.conf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = BH
ST = MANAMA
L = MANAMA
O = <companyName>
OU = IT
CN = CN.Domain
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = CN1.Domain
DNS.2 = CN2.Domain
2- Create the CSR file along with the key, and keep a copy of the private key in case you need it later. The -nodes option writes the key unencrypted, so restrict access to certificate.key:
openssl req -new -out certificate.csr -newkey rsa:2048 -nodes -sha256 -keyout certificate.key -config req.conf
Submit the CSR to the CA to be signed. To verify the information in the CSR file, use the command below:
openssl req -text -noout -verify -in certificate.csr
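A check that can follow step 2, added here as an example and not part of the original post: it builds a CSR from a config with the same layout as req.conf and confirms that every expected host name is in the SAN extension. The names www.example.test and api.example.test, the organisation, and the function names are assumptions; the CN is repeated as DNS.1 because clients that match on SAN do not fall back to the CN.

```shell
#!/bin/sh
# Added example; host names and organisation are constructed sample values.
# Print the DNS SAN entries requested by a CSR, one per line.
csr_san_names() {
    openssl req -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' |
        sed -n 's/^ *DNS:\(.*\)$/\1/p'
}

# Succeed only if every expected host name is in the CSR's SAN list.
csr_covers() {
    csr=$1; shift
    names=$(csr_san_names "$csr")
    for host in "$@"; do
        printf '%s\n' "$names" | grep -Fxq "$host" || {
            echo "missing SAN: $host" >&2
            return 1
        }
    done
}

# Write a req.conf with the page's layout into directory $1, then create key + CSR.
make_sample_csr() {
    cat > "$1/req.conf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = BH
O = Example Co
CN = www.example.test
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.example.test
DNS.2 = api.example.test
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$1/certificate.key" -out "$1/certificate.csr" \
        -config "$1/req.conf" 2>/dev/null
}
# Demo: sh san_check.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_sample_csr "$d" && csr_san_names "$d/certificate.csr"
fi
```

To check a CSR produced from your own req.conf, call csr_covers with the path to certificate.csr followed by every host name the certificate must serve.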
Below is the certificate sequence of the PEM file, for reference in case it is needed:
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----