SSL: Multi Domain
Revision as of 05:48, 3 January 2022 by Onnowpurbo (talk | contribs)
Sumber: https://www.thesecmaster.com/how-to-generate-a-csr-for-multi-domain-ssl-certificates-using-openssl/
openssl config di ubah
Edit
/etc/ssl/openssl.cnf
atau
/usr/lib/ssl/openssl.cnf
Di bagian [ req ], buka # agar
req_extensions = v3_req
Di bagian [ v3_req ] tambahkan
subjectAltName = @alt_names
Di bagian bawah tambahkan
[ alt_names ] DNS.1 = www.exampledomain.com DNS.2 = exampledomain.com DNS.3 = thesecmaster.local DNS.4 = mydomain.local
private key generate
Sebagai user biasa, lakukan tanpa pass phrase
openssl genrsa -out example.com.key 2048 openssl genrsa -out onnocenter.or.id.key 2048
Certificate Signing Request (CSR) generate
Sebagai user biasa, lakukan
openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf
openssl req -new -key onnocenter.or.id.key -out onnocenter.or.id.csr -config /etc/ssl/openssl.cnf
test
openssl req -in example.com.csr -noout -text openssl req -in onnocenter.or.id.csr -noout -text
CNAME DNS Authentication
Biasanya penyedia SSL akan meminta kita untuk mengauthentikasi domain kita menggunakan CNAME. Kita perlu menambahkan entry CNAME pada DNS sesuai dengan perintah dari penyedia layanan SSL, misalnya,
_e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.sectigo.com. _e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.comodoca.com.