How to do SSL certs for multiple domains

Started by gbooker, June 03, 2006, 09:28:25 AM

Previous topic - Next topic


Several have asked me how to create SSL certs that work with multiple domains, so here are the instructions.  In the examples below, my domain is

First, I created a directory for this.  In the directory I have my CA cert as "my-ca.crt" and my CA key as "my-ca.key".  My server's certificate signing request is "cod3r-server.csr" and the output is cod3r-server.crt.  If you wish to use different filenames, change them in the below.

Next, create a file named extensions contain a list of all your domains like the following:
subjectAltName =,,,,,,,,
Note, this is all on one line.

Now, create a file called which will sign the key like the following:
openssl x509 -req -days 365 -CA my-ca.crt -CAkey my-ca.key -CAcreateserial -in cod3r-server.csr -extfile extensions -out cod3r-server.crt

Anytime you wish to add a domain, edit the extensions file and add them (be sure to add the DNS: in front and the commas between values).  Execute sh and you have a new cert.  Install it, and reload apache.

Hope this helps everyone.