Current predicament I'm trying to figure out how to create a SSL certificate with multiple sub-domains. While still having full https to our main site. Our current site is hosting 43 sub-domains under 1 server. The issue that I'm having is that I want to create a SSL certificate that will allow any user to view our site using https for all sub-domains. I created a test under InCommon where I generated a wild card certificate, but I don't think/know if this might be best practical solution to my problem.
We currently have a full subscription to InCommon Cert Manager.
Here is the site of the company that we use.
https://cert-manager.com/customer/InCommon
Code: Select all
Server version: Apache/2.2.15 (Unix)
Server built: Jul 12 2017 13:32:34
Code: Select all
/var/www/vhosts/
site00.main.com
site01.main.com
site02.main.com
....
site43.main.com
Code: Select all
openssl genrsa -out /etc/ssl/private/secret.key 2048
Code: Select all
openssl req -sha256 -out /etc/ssl/csr/incommon-upload.csr -key /etc/ssl/private/secret.key -new
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:CA
Locality Name (eg, city) [Default City]:CITY
Organization Name (eg, company) [Default Company Ltd]:CENTOS, INC.
Organizational Unit Name (eg, section) []:CENTOS,INC.
Common Name (eg, your name or your server's hostname) []:*.main.ccom
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Code: Select all
openssl req -new -out incommon-upload.csr -key secret.key -config openssl.cnf
Code: Select all
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = SL
countryName_default = SL
stateOrProvinceName = Western
stateOrProvinceName_default = Western
localityName = Colombo
localityName_default = Colombo
organizationalUnitName = ABC
organizationalUnitName_default = ABC
commonName = www.main.com
commonName_max = 64
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = site00.main.com
.....
DNS.43 = site43.main.com
Here are the sites I was looking at:
https://www.devside.net/wamp-server/gen ... rtificates
http://apetec.com/support/generatesan-csr.htm