Deprecated: Hook custom_css_loaded is deprecated since version jetpack-13.5! Use WordPress Custom CSS instead. Jetpack no longer supports Custom CSS. Read the WordPress.org documentation to learn how to apply custom styles to your site: https://wordpress.org/documentation/article/styles-overview/#applying-custom-css in /srv/www/srvfail.com/public_html/wp-includes/functions.php on line 6078
openSSL Archives ⋆ SysAdminStuff

Create key and CSR for multi-domain certificate.

If you want to secure multiple domains with one TLS/SSL certificate you will need to use multi-domain certificate with more than one Subject Alternative Name (SAN) specified in it.

Following is the procedure to create CSR for multiSAN certificate with openSSL.

First create a config file that will contain SAN information and all other parameters that need to be passed to openSSL to create CSR file.

Create multisan.conf file with following content.

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
default_keyfile = multisan.key
prompt = no

[req_distinguished_name]
C = CountryCode (US,GB,...)
ST = State
L = City
O = OrganizatioName
OU = OrganizationUnit
CN = server.domain1.com

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = server.domain1.com
DNS.2 = server.domain2.com
DNS.3 = server.domain3.com

Once multisan.conf file has been created create CSR file and private key to be used with certificate with following command:

openssl req -new -nodes -out multisan.csr -config multisan.conf

This will automatically write private key to multisan.key file in the same location you executed the command.

openssl req -new -nodes -out multisan.csr -config multisan.conf 
Generating a 2048 bit RSA private key
.......+++++
.......................................................................+++++
writing new private key to 'multisan.key'

Once CSR and key files have been created you can confirm CSR content with following command:

openssl req -text -noout -in multisan.csr

Now that you have CSR file you can upload that CSR to your TLS/SSL certificate vendor to order issuing of the certificate.