[SOLVED] Apache SSL with multiple sub-domains.


Post by DrNatas » 2017/08/02 23:03:25

Has anyone else come across this issue in the past?

Current predicament: I'm trying to figure out how to create an SSL certificate with multiple sub-domains while still having full https to our main site. Our current site is hosting 43 sub-domains under 1 server. The issue that I'm having is that I want to create an SSL certificate that will allow any user to view our site using https for all sub-domains. I created a test under InCommon where I generated a wildcard certificate, but I don't think/know if this might be the best practical solution to my problem.

We currently have a full subscription to InCommon Cert Manager.
Here is the site of the company that we use.
https://cert-manager.com/customer/InCommon

Code:

Server version: Apache/2.2.15 (Unix)
Server built:   Jul 12 2017 13:32:34

Code:

/var/www/vhosts/

site00.main.com
site01.main.com
site02.main.com
....
site43.main.com

Generating a private key.

Code:

openssl genrsa -out /etc/ssl/private/secret.key 2048

Generating a certificate request (which fails to do what I want, I think because it won't allow sub-domains).

Code:

openssl req -sha256 -out /etc/ssl/csr/incommon-upload.csr -key /etc/ssl/private/secret.key -new

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:CA
Locality Name (eg, city) [Default City]:CITY
Organization Name (eg, company) [Default Company Ltd]:CENTOS, INC.
Organizational Unit Name (eg, section) []:CENTOS,INC.
Common Name (eg, your name or your server's hostname) []:*.main.ccom
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

The idea that I thought of was to use the following openssl.cnf to populate all my sub-domains using DNS.1 to DNS.43.

Code:

openssl req -new -out incommon-upload.csr -key secret.key -config openssl.cnf

Code:

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = SL
countryName_default = SL
stateOrProvinceName = Western
stateOrProvinceName_default = Western
localityName = Colombo
localityName_default = Colombo
organizationalUnitName = ABC
organizationalUnitName_default = ABC
commonName = www.main.com
commonName_max = 64
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 =  site00.main.com
.....
DNS.43 =  site43.main.com


Here are the sites I was looking at:
https://www.devside.net/wamp-server/gen ... rtificates
http://apetec.com/support/generatesan-csr.htm
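
The openssl.cnf approach described in the post, as an added example that is not part of the original post: the script generates the `[alt_names]` list from the vhost directory names and then checks that the resulting CSR really contains the SAN extension before it is uploaded. The DN values, the one-directory-per-hostname layout, `prompt = no` and the file name `san_csr.sh` are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Assumptions (not from the post): one directory per hostname
# under the vhosts root; DN values below are placeholders; prompt = no.

# Print an OpenSSL req config whose subjectAltName lists every vhost directory.
build_san_cnf() {
    vhosts_dir=$1; common_name=$2
    cat <<EOF
[req]
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
C = US
ST = CA
O = Example Org
CN = $common_name
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
EOF
    i=1
    for p in "$vhosts_dir"/*/; do        # trailing slash: directories only
        [ -d "$p" ] || continue          # unmatched glob stays literal; skip it
        echo "DNS.$i = $(basename "$p")"
        i=$((i + 1))
    done
}

# Build the CSR from an existing key, then fail unless the request really
# carries a Subject Alternative Name extension with DNS entries.
make_and_check_csr() {
    key=$1; cnf=$2; csr=$3
    openssl req -new -sha256 -key "$key" -config "$cnf" -out "$csr" || return 1
    openssl req -in "$csr" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | grep -q 'DNS:'
}

# Demo on constructed data (run as: bash san_csr.sh demo); needs openssl.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    mkdir -p "$tmp/vhosts/site00.main.com" "$tmp/vhosts/site01.main.com"
    build_san_cnf "$tmp/vhosts" www.main.com > "$tmp/openssl.cnf"
    openssl genrsa -out "$tmp/secret.key" 2048
    make_and_check_csr "$tmp/secret.key" "$tmp/openssl.cnf" "$tmp/san.csr" &&
        echo "CSR contains the SAN list"
    rm -rf "$tmp"
fi
```

The check in `make_and_check_csr` catches the case where `req_extensions` is missing from the config and the CSR is produced without any SAN entries.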
