SSL: Multi Domain

From OnnoWiki
Revision as of 05:48, 3 January 2022 by Onnowpurbo (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Sumber: https://www.thesecmaster.com/how-to-generate-a-csr-for-multi-domain-ssl-certificates-using-openssl/

openssl config di ubah

Edit

/etc/ssl/openssl.cnf

atau

/usr/lib/ssl/openssl.cnf

Di bagian [ req ], buka # agar

req_extensions = v3_req

Di bagian [ v3_req ] tambahkan

subjectAltName = @alt_names


Di bagian bawah tambahkan

[ alt_names ]
DNS.1 = www.exampledomain.com
DNS.2 = exampledomain.com
DNS.3 = thesecmaster.local
DNS.4 = mydomain.local


private key generate

Sebagai user biasa, lakukan tanpa pass phrase

openssl genrsa -out example.com.key 2048
openssl genrsa -out onnocenter.or.id.key 2048

Certificate Signing Request (CSR) generate

Sebagai user biasa, lakukan

openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf
openssl req -new -key onnocenter.or.id.key -out onnocenter.or.id.csr -config /etc/ssl/openssl.cnf

test

openssl req -in example.com.csr -noout -text
openssl req -in onnocenter.or.id.csr -noout -text


CNAME DNS Authentication

Biasanya penyedia SSL akan meminta kita untuk mengauthentikasi domain kita menggunakan CNAME. Kita perlu menambahkan entry CNAME pada DNS sesuai dengan perintah dari penyedia layanan SSL, misalnya,

_e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.sectigo.com.
_e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.comodoca.com.


Referensi

Pranala Menarik