Difference between revisions of "SSL: Multi Domain"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (Created page with "Sumber: https://www.thesecmaster.com/how-to-generate-a-csr-for-multi-domain-ssl-certificates-using-openssl/ ==openssl config di ubah== Edit /etc/ssl/openssl.cnf atau /usr...") |
Onnowpurbo (talk | contribs) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 29: | Line 29: | ||
==private key generate== | ==private key generate== | ||
− | + | Sebagai user biasa, lakukan tanpa pass phrase | |
openssl genrsa -out example.com.key 2048 | openssl genrsa -out example.com.key 2048 | ||
+ | openssl genrsa -out onnocenter.or.id.key 2048 | ||
+ | ==Certificate Signing Request (CSR) generate== | ||
− | + | Sebagai user biasa, lakukan | |
openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf | openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf | ||
+ | |||
+ | openssl req -new -key onnocenter.or.id.key -out onnocenter.or.id.csr -config /etc/ssl/openssl.cnf | ||
test | test | ||
openssl req -in example.com.csr -noout -text | openssl req -in example.com.csr -noout -text | ||
+ | openssl req -in onnocenter.or.id.csr -noout -text | ||
+ | |||
+ | |||
+ | ==CNAME DNS Authentication== | ||
+ | Biasanya penyedia SSL akan meminta kita untuk mengauthentikasi domain kita menggunakan CNAME. Kita perlu menambahkan entry CNAME pada DNS sesuai dengan perintah dari penyedia layanan SSL, misalnya, | ||
+ | _e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.sectigo.com. | ||
+ | _e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.comodoca.com. | ||
Latest revision as of 05:48, 3 January 2022
Sumber: https://www.thesecmaster.com/how-to-generate-a-csr-for-multi-domain-ssl-certificates-using-openssl/
openssl config di ubah
Edit
/etc/ssl/openssl.cnf
atau
/usr/lib/ssl/openssl.cnf
Di bagian [ req ], buka # agar
req_extensions = v3_req
Di bagian [ v3_req ] tambahkan
subjectAltName = @alt_names
Di bagian bawah tambahkan
[ alt_names ] DNS.1 = www.exampledomain.com DNS.2 = exampledomain.com DNS.3 = thesecmaster.local DNS.4 = mydomain.local
private key generate
Sebagai user biasa, lakukan tanpa pass phrase
openssl genrsa -out example.com.key 2048 openssl genrsa -out onnocenter.or.id.key 2048
Certificate Signing Request (CSR) generate
Sebagai user biasa, lakukan
openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf
openssl req -new -key onnocenter.or.id.key -out onnocenter.or.id.csr -config /etc/ssl/openssl.cnf
test
openssl req -in example.com.csr -noout -text openssl req -in onnocenter.or.id.csr -noout -text
CNAME DNS Authentication
Biasanya penyedia SSL akan meminta kita untuk mengauthentikasi domain kita menggunakan CNAME. Kita perlu menambahkan entry CNAME pada DNS sesuai dengan perintah dari penyedia layanan SSL, misalnya,
_e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.sectigo.com. _e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.comodoca.com.