First, create a new file (e.g. /tmp/csr_yourdomain.conf) with the following contents, replacing the details with your own:
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
C=GB
ST=London
L=England
O=Your Company
OU=IT
# placeholder address
emailAddress = admin@yourdomain.com
CN = *.yourdomain.com
[ req_ext ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = *.anotherdomain.com
DNS.2 = *.alternativedomain.com
Most of the above is what you would supply when generating a request for a single FQDN; the 'alt_names' section is where the SANs (Subject Alternative Names) are listed.
We can add further domains by incrementing the number after the 'DNS.' prefix, e.g. DNS.3, DNS.4, etc.
Finally, generate the new certificate signing request and private key, making sure -config points at the conf file you have just created:
openssl req -new -sha256 -nodes -out \*.yourdomain.com.csr -newkey rsa:2048 -keyout \*.yourdomain.key -config /tmp/csr_yourdomain.conf
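A pre-flight check for the config above, as an added example that is not part of the original post. OpenSSL silently keeps only the last value when a key such as DNS.2 is repeated within a section, and clients that match hostnames against subjectAltName do not fall back to the CN, so the script flags a reused DNS.n key and a CN that is absent from alt_names. The function names are this example's own, the section names dn and alt_names are assumed to match the config above, and the sample file is constructed from it.

```shell
#!/bin/sh
# Added example: lint an OpenSSL request config before generating the CSR.
# Assumes the section names used on this page ([ dn ] and [ alt_names ]).

# Print one section of the config as normalised key=value lines.
conf_section() {  # $1 = config file, $2 = section name
    awk -v want="$2" '
        { sub(/[ \t]*#.*$/, "") }
        /^[ \t]*\[/ { gsub(/[ \t]|\[|\]/, ""); cur = $0; next }
        cur == want && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            print k "=" v
        }' "$1"
}

# DNS names listed under [ alt_names ], one per line.
san_names() { conf_section "$1" alt_names | sed -n 's/^DNS\.[0-9][0-9]*=//p'; }

# Common Name from [ dn ].
common_name() { conf_section "$1" dn | sed -n 's/^CN=//p'; }

# Succeeds only if no alt_names key repeats and the CN is also a DNS entry.
lint_csr_conf() {
    cn=$(common_name "$1")
    dup=$(conf_section "$1" alt_names | cut -d= -f1 | sort | uniq -d)
    [ -z "$dup" ] || { echo "duplicate alt_names key: $dup"; return 1; }
    san_names "$1" | grep -qxF -- "$cn" || { echo "CN $cn missing from alt_names"; return 1; }
    echo "ok"
}

# Constructed sample: the relevant sections of the config shown above.
conf=$(mktemp)
cat > "$conf" <<'EOF'
[ dn ]
CN = *.yourdomain.com
[ alt_names ]
DNS.1 = *.anotherdomain.com
DNS.2 = *.alternativedomain.com
EOF
lint_csr_conf "$conf" || true                 # CN is not among the DNS entries yet
echo 'DNS.3 = *.yourdomain.com' >> "$conf"    # add the CN as a SAN
lint_csr_conf "$conf" || true
rm -f "$conf"
```

Run the lint against the real conf file before the openssl req command, and add the CN as another DNS.n entry if it is reported missing.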