# SSL
# SAN certs
SAN certs allow you to have multiple domains under the same certificate.
# 1. Create a san.cnf file
In the directory you want to generate the certificate create a san.cnf file with the following contents updated for your project.
NOTES
default_bitscan be changed to 4096 if required lower encryption.- Replace all
{...}with your clients information{rootDomain}with the domains root domain{countryName}with clients country{state}with clients state or province{city}with clients city{companyName}with clients company name{organizationalUnit}with organizational unit name (eg Security)
[alt_names]You can add or remove alt-names to match your needs.- Make sure you increment the
DNS.#before the alt-name or it will overwrite with the last one.
- Make sure you increment the
[req]
default_bits = 4096
prompt = no
distinguished_name = req_distinguished_name
req_extensions = req_ext
[req_distinguished_name]
countryName = {countryName}
stateOrProvinceName = {state}
localityName = {city}
organizationName = {companyName}
organizationalUnitName = {organizationalUnit}
commonName = {rootDomain}.com
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = admin.{rootDomain}.com
DNS.2 = cdn.{rootDomain}.com
DNS.3 = www.{rootDomain}.com
# 2. Generate Keys & CSR
openssl req -out sslcert.csr -newkey rsa:4096 -nodes -keyout private.key -config san.cnf
# 3. Check CSR
openssl req -noout -text -in sslcert.csr | grep DNS