OpenSSL CERT - Multiple Domains (Common Names) in one CERT

Problems with the Windows version of XAMPP, questions, comments, and anything related.

OpenSSL CERT - Multiple Domains (Common Names) in one CERT

Postby gilbertv » 21. February 2007 20:13

I'm not sure anyone has had much success creating Multiple VHost SSL Certs (in one cert), as I have tried several methods, and the one below seems to work very well; better than I had anticipated.

In my approach I found the following as the best solution for my purposes, as the Cert does not return any warnings after the Cert is installed initially, and any VHOST for example: Mydomain.Com, Myotherdomain.Com, www.allmydomains.com, will load properly with out any certificate warning.

Multiple CommonName´s (Vhosts) in the same certificate

How can I generate a certificate for multiple vhosts and their subdomains?

Open the Openssl.cnf file: in apache this file is located in apache/bin/ and go to the following section:

[ req_distinguished_name ]
0.commonName = Common Name (eg, YOUR name)
0.commonName_default = www.domain1.com
0.commonName_max = 64
1.commonName = Common Name (eg, YOUR name)
1.commonName_default = www.domain2.org
1.commonName_max =64
2.commonName = Common Name (eg, YOUR name)
2.commonName_default = shop.domain1.com (only an example of subdomain added to ssl cert)
2.commonName_max = 64
3.commonName = Common Name (eg, YOUR name)
3.commonName_default = My Secure Internet Services (example)
3.commonName_max = 64

#Note: you may add additional vhosts just keep the number sequence going in serial order. Make sure to remove the # sign if it is to be used.

#4.commonName = Common Name (eg, YOUR name)
#4.commonName_default =
#4.commonName_max = 64

----------------------

Save the Openssl.Cnf file

1 Note: When running Make-ssl batch file you do not need to enter any information for common names as the domain name will appear in brackets (to the left) already set as default. Just hit the enter key and proceed to next step after the last common name.

2. The last example: My Secure Internet Services is a generic name is also the last entry purposely. This is because I do not want any other domains to appear on the cert other than my business. The other domains will be included internally in the certificate.

So when a visitor goes to https://www.mydomain.com he/she will see a cert that needs to be installed with the name My Secure Internet Services instead of a cert with MyOtherDomainName.Com.


Hope this helps.

Please check the following source for complete article:
http://wiki.cacert.org/wiki/VhostTaskFo ... bd639ed5d9


GV
gilbertv
 
Posts: 15
Joined: 17. February 2007 22:28

Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 132 guests