Difference between revisions of "SSL: Multi Domain"

From OnnoWiki
Jump to navigation Jump to search
Line 38: Line 38:
 
Sebagai user biasa, lakukan
 
Sebagai user biasa, lakukan
  
  openssl req -new -key onnocenter.or.id.key -out example.com.csr -config example.com.cnf
+
  openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf
  
 
  openssl req -new -key onnocenter.or.id.key -out example.com.csr -config /etc/ssl/openssl.cnf
 
  openssl req -new -key onnocenter.or.id.key -out example.com.csr -config /etc/ssl/openssl.cnf

Revision as of 08:16, 1 January 2022

Sumber: https://www.thesecmaster.com/how-to-generate-a-csr-for-multi-domain-ssl-certificates-using-openssl/

openssl config di ubah

Edit

/etc/ssl/openssl.cnf

atau

/usr/lib/ssl/openssl.cnf

Di bagian [ req ], buka # agar

req_extensions = v3_req

Di bagian [ v3_req ] tambahkan

subjectAltName = @alt_names


Di bagian bawah tambahkan

[ alt_names ]
DNS.1 = www.exampledomain.com
DNS.2 = exampledomain.com
DNS.3 = thesecmaster.local
DNS.4 = mydomain.local


private key generate

Sebagai user biasa, lakukan tanpa pass phrase

openssl genrsa -out example.com.key 2048
openssl genrsa -out onnocenter.or.id.key 2048

Certificate Signing Request (CSR) generate

Sebagai user biasa, lakukan

openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf
openssl req -new -key onnocenter.or.id.key -out example.com.csr -config /etc/ssl/openssl.cnf

test

openssl req -in example.com.csr -noout -text
openssl req -in onnocenter.or.id.csr -noout -text

Referensi

Pranala Menarik