How to do SSL certs for multiple domains

Started by gbooker, June 03, 2006, 09:28:25 AM


gbooker

Several have asked me how to create SSL certs that work with multiple domains, so here are the instructions.  In the examples below, my domain is cod3r.com:

First, I created a directory for this.  In the directory I have my CA cert as "my-ca.crt" and my CA key as "my-ca.key".  My server's certificate signing request is "cod3r-server.csr" and the output is cod3r-server.crt.  If you wish to use different filenames, change them in the signKey.sh below.

Next, create a file named extensions containing a list of all your domains like the following:
subjectAltName = DNS:www.cod3r.com, DNS:privateblog.cod3r.com, DNS:idisk.cod3r.com, DNS:svn.cod3r.com, DNS:trac.cod3r.com, DNS:www.mac.com, DNS:syncmgmt.mac.com, DNS:idisk.mac.com, DNS:configuration.mac.com
Note, this is all on one line.

Now, create a file called signKey.sh which will sign the key like the following:
openssl x509 -req -days 365 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -in cod3r-server.csr -extfile extensions -out cod3r-server.crt

Anytime you wish to add a domain, edit the extensions file and add it (be sure to add the DNS: in front and the commas between values).  Execute sh signKey.sh and you have a new cert.  Install it, and reload Apache.

Hope this helps everyone.
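
The procedure in the post above, end to end, followed by a check that the signed certificate chains to the CA and actually carries every listed name. This is an added example and not part of gbooker's post. It assumes openssl is on the PATH and that its default config marks the throwaway CA as a CA; the CA, the example.test names and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: the CA and all keys are throwaway, generated for the demo.
# Filenames follow the post; the example.test names are placeholders.

# Write the one-line extensions file ("DNS:" prefix, commas between values).
write_extensions() {
    out=$1; shift
    line=""
    for name in "$@"; do
        line="${line:+$line, }DNS:$name"
    done
    printf 'subjectAltName = %s\n' "$line" > "$out"
}

# Create a demo CA and server CSR in directory $1, then sign with the
# command from the post. The names in the cert come from the extensions file.
issue_cert() {
    dir=$1; shift
    write_extensions "$dir/extensions" "$@"
    (
        cd "$dir" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
            -keyout my-ca.key -out my-ca.crt 2>/dev/null || exit 1
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
            -keyout cod3r-server.key -out cod3r-server.csr 2>/dev/null || exit 1
        openssl x509 -req -days 365 -CA my-ca.crt -CAkey my-ca.key \
            -CAcreateserial -in cod3r-server.csr -extfile extensions \
            -out cod3r-server.crt 2>/dev/null
    )
}

# Return 0 only if cert $1 verifies against CA $2 and lists every name given
# after that as an exact DNS subjectAltName entry.
check_cert() {
    crt=$1; ca=$2; shift 2
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
    sans=$(openssl x509 -in "$crt" -noout -text | tr ',' '\n' |
        sed -n 's/^ *DNS:\([^ ]*\).*/\1/p')
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -Fxq "$name" || return 1
    done
}

# Usage:
#   d=$(mktemp -d); issue_cert "$d" www.example.test svn.example.test
#   check_cert "$d/cod3r-server.crt" "$d/my-ca.crt" svn.example.test && echo ok
```

Running check_cert after each re-sign catches a name that was dropped from the extensions file, or a missing comma, before the cert is installed.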