Setting up httpS for multiple domain

后端 未结 1 1285
一个人的身影
一个人的身影 2021-02-10 02:46

I need to setup https for multiple domians xxxx.com xxxx.net (with single common certificate)

CA where we buying certificate ask to create Certificate Signing Reques

1条回答
  •  天涯浪人
    2021-02-10 03:12

    Avoid certificates with multiple CNs (as suggested in comments), that's not how the specifications (RFC 2818 and RFC 6125) say it should work and, although it may work in some clients applications, it will usually fail. From RFC 2818:

    If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead.

    Instead, generate certificates (or CSR) with multiple Subject Alternative Names (SANs).

    If you're using OpenSSL, edit your openssl.cnf (or edit a copy) and set these properties, in the relevant sections ([req] and [ v3_req ]):

    [req]
    req_extensions = v3_req
    
    [v3_req]
    subjectAltName=DNS:www.example1.com,DNS:www.example2.com,DNS:www.example3.com
    

    There's also a nice trick to use an environment variable for this (rather in than fixing it in a configuration file) here: http://www.crsr.net/Notes/SSL.html

    You may also want to have one of them (any) in the CN.

    (You may also be interested in this answer.)

    0 讨论(0)
提交回复
热议问题