Create key and CSR for multi-domain certificate.

If you want to secure multiple domains with one TLS/SSL certificate you will need to use multi-domain certificate with more than one Subject Alternative Name (SAN) specified in it.

Following is the procedure to create CSR for multiSAN certificate with openSSL.

First create a config file that will contain SAN information and all other parameters that need to be passed to openSSL to create CSR file.

Create multisan.conf file with following content.

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
default_keyfile = multisan.key
prompt = no

[req_distinguished_name]
C = CountryCode (US,GB,...)
ST = State
L = City
O = OrganizatioName
OU = OrganizationUnit
CN = server.domain1.com

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = server.domain1.com
DNS.2 = server.domain2.com
DNS.3 = server.domain3.com

Once multisan.conf file has been created create CSR file and private key to be used with certificate with following command:

openssl req -new -nodes -out multisan.csr -config multisan.conf

This will automatically write private key to multisan.key file in the same location you executed the command.

openssl req -new -nodes -out multisan.csr -config multisan.conf 
Generating a 2048 bit RSA private key
.......+++++
.......................................................................+++++
writing new private key to 'multisan.key'

Once CSR and key files have been created you can confirm CSR content with following command:

openssl req -text -noout -in multisan.csr

Now that you have CSR file you can upload that CSR to your TLS/SSL certificate vendor to order issuing of the certificate.

WordPress http to https switch using Cloudflare SSL

If you have a WordPress site behind Cloudflare free account and you want to make your site or part of it accessible over HTTPS you can use free Cloudflare Universal SSL certificate.

Enable SSL on Cloudflare

To enable your site being served over HTTPS from Cloudflare, login to your Cloudflare account, select domain you want to enable SSL on and click on the Crypto page with lock icon, to manage cryptography settings for your website.

Cloudflare Crypto

On the Crypto page first setting on top will be SSL, where you can switch SSL from Off to one of the three other options available.

There are three options you can use to enable SSL:

  • Flexible: Cloudflare will serve site to end users on https, but will communicate with your site over http, in this case you don’t have to install SSL on your site’s server or make any changes on your site, if you are using relative links, where http is not hardcoded in any links.
  • Full: Cloudflare will serve end users over https, communicate with your site over https, but will not verify the authenticity of the SSL. In this case you need to install SSL on your site and have your site’s server listen for connections on port 443, but you can use self-signed certificate as it’s authenticity is not verified.
  • Full (strict): Cloudflare will server end users over https, communicate with your site over https and will verify the validity of your SSL. As with Full option above you will need to set port 443 for listener and install SSL, but in this case you will need to install a valid SSL containing your site hostname and signed by certificate authority. You do not need to buy SSL for this to work, you can configure Let’s Encrypt SSL or use Origin CA certificates, generated by Cloudflare.

It would be recommended to use Full (strict option) for SSL as it maximizes security of your site data.

You can see all options explained with more details in this Cloudflare support article.

Create Edge and Origin certificates

If you don’t already have SSL with your site hostname listed under Edge Certificates, click on Order SSL certificate button and select Universal SSL (Shared) option. This will be SSL certificate server to visitors of your site by Cloudflare.

Edge Certificates

To get SSL certificate that will be used for communication between Cloudflare and your site, go to Origin Certificates section of page and click on Create Certificate button. You do not need to create Origin Certificate if you used Flexible option when you enabled SSL or if you already have some other SSL on your web server.

Origin Certificates

Once you click on Create Certificate you will be presented with Origin Certificate Installation window where in most cases you can just leave default options, after which you will be presented with Certificate and Private key which you need to install on your web server.

Change your WordPress to https URLs

If you have used Full of Full (strict) option when enabling SSL you need to edit your WordPress settings in Settings » General” and change your WordPress Address (URL) and Site Address (URL) fields to https URL instead of http URL.

You do not need to make this change if you are using Flexible option when enabling SSL on Cloudflare.

If you want to have your whole site being served over HTTPs and not just some subsets of it, like wp-admin or a store page, enable Always use HTTPS option on Crypto page of your Cloudflare account.

Always use HTTPS

If you don’t want to have whole site over https, but only some parts of URL, like example.com/wp-admin, example.com/wp-login.php or example.com/section leave this option Off, and setup redirection to https for those pages either on your web server or in Page Rules page on your Cloudflare account.

To avoid getting mixed content warning in browser when your page is visited over https enable Automatic HTTPS Rewrites option, which will try to rewrite your content from http to https if a link or a reference to a http URL is available over https.

Automatic HTTPS rewrites

Change to https in webmaster tools

If you are using webmaster tools in Bing, Google or Yandex here is how to notify those search engines about your change to https:

Google
Google doesn’t at this time support http to https change in their Change of Address option, so you will need to add a new property with https URL, and data from http property will eventually change to your new https property.

Bing
Go to Diagnostics & Tools » Site Move” and select  I am moving URLs from one place to another within the current site” and then input your old URL in Source field and new https URL in Destination field.

Yandex
Add new site address with URL using https and then on the old site with http go to “Indexing » Relocate site” and tick “Add HTTPS” box.