Difference between revisions of "SSL: Multi Domain"

From OnnoWiki
Jump to navigation Jump to search
 
(One intermediate revision by the same user not shown)
Line 40: Line 40:
 
  openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf
 
  openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf
  
  openssl req -new -key onnocenter.or.id.key -out example.com.csr -config /etc/ssl/openssl.cnf
+
  openssl req -new -key onnocenter.or.id.key -out onnocenter.or.id.csr -config /etc/ssl/openssl.cnf
  
 
test
 
test
Line 46: Line 46:
 
  openssl req -in example.com.csr -noout -text
 
  openssl req -in example.com.csr -noout -text
 
  openssl req -in onnocenter.or.id.csr -noout -text
 
  openssl req -in onnocenter.or.id.csr -noout -text
 +
 +
 +
==CNAME DNS Authentication==
 +
 +
Biasanya penyedia SSL akan meminta kita untuk mengauthentikasi domain kita menggunakan CNAME. Kita perlu menambahkan entry CNAME pada DNS sesuai dengan perintah dari penyedia layanan SSL, misalnya,
 +
 +
_e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.sectigo.com.
 +
_e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.comodoca.com.
 +
 +
  
 
==Referensi==
 
==Referensi==

Latest revision as of 05:48, 3 January 2022

Sumber: https://www.thesecmaster.com/how-to-generate-a-csr-for-multi-domain-ssl-certificates-using-openssl/

openssl config di ubah

Edit

/etc/ssl/openssl.cnf

atau

/usr/lib/ssl/openssl.cnf

Di bagian [ req ], buka # agar

req_extensions = v3_req

Di bagian [ v3_req ] tambahkan

subjectAltName = @alt_names


Di bagian bawah tambahkan

[ alt_names ]
DNS.1 = www.exampledomain.com
DNS.2 = exampledomain.com
DNS.3 = thesecmaster.local
DNS.4 = mydomain.local


private key generate

Sebagai user biasa, lakukan tanpa pass phrase

openssl genrsa -out example.com.key 2048
openssl genrsa -out onnocenter.or.id.key 2048

Certificate Signing Request (CSR) generate

Sebagai user biasa, lakukan

openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf
openssl req -new -key onnocenter.or.id.key -out onnocenter.or.id.csr -config /etc/ssl/openssl.cnf

test

openssl req -in example.com.csr -noout -text
openssl req -in onnocenter.or.id.csr -noout -text


CNAME DNS Authentication

Biasanya penyedia SSL akan meminta kita untuk mengauthentikasi domain kita menggunakan CNAME. Kita perlu menambahkan entry CNAME pada DNS sesuai dengan perintah dari penyedia layanan SSL, misalnya,

_e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.sectigo.com.
_e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.comodoca.com.


Referensi

Pranala Menarik