self-signed certificate with multiple DNS names (aka subjectAltName)

following [1] and adding

subjectAltName = DNS:PROBABLY_YOUR_COMMONNAME,DNS:*.SOME_DOMAIN_NAME

to the [ v3_ca ] section of your openssl.cnf file should do the trick.

unfortunately, the DNS:copy:commonName didn’t work for me…

references:

  1. http://www.debian-administration.org/articles/284
  2. http://reductivelabs.com/trac/puppet/wiki/MultipleCertificateAuthorities
  3. http://wiki.cacert.org/wiki/VhostTaskForce

Comments:

Kem Mason -

I found this while looking for a link to do exactly what you said, but tried to generate a config from your comments, and could not make it work, after reading that link, and looking a bit more, I did get it working, here’s a pastie with my openssl.cnf and instructions that worked for me
http://pastie.org/666978

Next
Previous

Related