If you want to secure multiple domains with one TLS/SSL certificate, you will need a multi-domain certificate with more than one Subject Alternative Name (SAN) specified in it.
The following procedure creates a CSR for a multi-SAN certificate with OpenSSL.
First, create a config file that contains the SAN information and all other parameters that need to be passed to OpenSSL to create the CSR file.
Create a multisan.conf file with the following content.
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
default_keyfile = multisan.key
prompt = no
[req_distinguished_name]
C = CountryCode (US,GB,...)
ST = State
L = City
O = OrganizationName
OU = OrganizationUnit
CN = server.domain1.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = server.domain1.com
DNS.2 = server.domain2.com
DNS.3 = server.domain3.com
Once the multisan.conf file has been created, create the CSR file and the private key to be used with the certificate with the following command:
openssl req -new -nodes -out multisan.csr -config multisan.conf
This automatically writes the private key to the multisan.key file in the directory where you executed the command.
openssl req -new -nodes -out multisan.csr -config multisan.conf
Generating a 2048 bit RSA private key
.......+++++
.......................................................................+++++
writing new private key to 'multisan.key'
Once the CSR and key files have been created, you can confirm the CSR content with the following command:
openssl req -text -noout -in multisan.csr
Now that you have the CSR file, you can upload it to your TLS/SSL certificate vendor to order the certificate.
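A check worth running on the text dump before uploading, added here as an example and not part of the original post: clients that find a subjectAltName extension match hostnames against it and ignore the CN, so every name, including the CN, should appear there. The function names and the trimmed sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify SAN coverage in the text dump of a CSR, i.e. the
# output of `openssl req -text -noout -in multisan.csr`, read from stdin.

# Print each DNS entry of the Subject Alternative Name extension, one per line.
csr_sans() {
    awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
        tr ',' '\n' | sed -n -e 's/ *$//' -e 's/^ *DNS://p'
}

# Print the subject CN; accepts both "CN = x" and the older "CN=x" layout.
csr_cn() {
    sed -n '/Subject:/{
        s/.*CN *= *\([^,/]*\).*/\1/p
        q
    }'
}

# Succeed only if the CN and every name given as an argument are SAN entries.
csr_check() {
    dump=$(cat)
    sans=$(printf '%s\n' "$dump" | csr_sans)
    cn=$(printf '%s\n' "$dump" | csr_cn)
    [ -n "$cn" ] && set -- "$cn" "$@"
    rc=0
    for name in "$@"; do
        if ! printf '%s\n' "$sans" | grep -qxF -- "$name"; then
            echo "missing from SAN: $name" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed, trimmed sample of the dump for the multisan.conf shown above.
SAMPLE_DUMP='Certificate Request:
    Data:
        Subject: C = US, ST = State, L = City, O = OrganizationName, OU = OrganizationUnit, CN = server.domain1.com
        Requested Extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:server.domain1.com, DNS:server.domain2.com, DNS:server.domain3.com'

printf '%s\n' "$SAMPLE_DUMP" | csr_check server.domain2.com server.domain3.com &&
    echo "SAN list covers the CN and all expected names"
```

With a real request, pipe the output of the openssl req -text -noout command above into csr_check and pass the names you expect as arguments.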
This howto is a very good starting point – thank you!
Just one small correction needed (to become perfect):
CN = server.domain1.com is good to appear once:
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
default_keyfile = multisan.key
prompt = no
[req_distinguished_name]
C = CountryCode (US,GB,…)
ST = State
L = City
O = OrganizationName
OU = OrganizationUnit
CN = server.domain1.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.2 = server.domain2.com
DNS.3 = server.domain3.com