Deprecated: Hook custom_css_loaded is deprecated since version jetpack-13.5! Use WordPress Custom CSS instead. Jetpack no longer supports Custom CSS. Read the WordPress.org documentation to learn how to apply custom styles to your site: https://wordpress.org/documentation/article/styles-overview/#applying-custom-css in /srv/www/srvfail.com/public_html/wp-includes/functions.php on line 6078
Uncategorized Archives ⋆ SysAdminStuff

Create key and CSR for multi-domain certificate.

If you want to secure multiple domains with one TLS/SSL certificate you will need to use multi-domain certificate with more than one Subject Alternative Name (SAN) specified in it.

Following is the procedure to create CSR for multiSAN certificate with openSSL.

First create a config file that will contain SAN information and all other parameters that need to be passed to openSSL to create CSR file.

Create multisan.conf file with following content.

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
default_keyfile = multisan.key
prompt = no

[req_distinguished_name]
C = CountryCode (US,GB,...)
ST = State
L = City
O = OrganizatioName
OU = OrganizationUnit
CN = server.domain1.com

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = server.domain1.com
DNS.2 = server.domain2.com
DNS.3 = server.domain3.com

Once multisan.conf file has been created create CSR file and private key to be used with certificate with following command:

openssl req -new -nodes -out multisan.csr -config multisan.conf

This will automatically write private key to multisan.key file in the same location you executed the command.

openssl req -new -nodes -out multisan.csr -config multisan.conf 
Generating a 2048 bit RSA private key
.......+++++
.......................................................................+++++
writing new private key to 'multisan.key'

Once CSR and key files have been created you can confirm CSR content with following command:

openssl req -text -noout -in multisan.csr

Now that you have CSR file you can upload that CSR to your TLS/SSL certificate vendor to order issuing of the certificate.

Disable Chrome stripping subdomains from URL

In version 69 of Chromium and Google Chrome default browser behavior is to enable “Omnibox UI Hide Steady-State URL Scheme and Trivial Subdomain” feature.

This will cause browser not displaying not just the protocol part of address but also what it considers trivial subdomains.
Subdomains like www or m subdomain will not be shown in address bar with this feature enabled.
This will cause www.example.com to be shown as example.com and www.m.example.www.example.com would be shown as example.example.com, like described in this issue report:

https://bugs.chromium.org/p/chromium/issues/detail?id=881410

To disable this feature open chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains in your browser and set the flag to “Disabled”.

Version 69 has also introduced new UI design.

If you wish to revert to old design you can do so with “UI Layout for the browser’s top chrome” setting.
Input chrome://flags/#top-chrome-md in Chrome and set it to Normal to have the old UI design again.