Knowledgebase

Apache (Multi-Domain version)  Print this Article

To generate CSR file which includes more than one Fully Qualified Domain Name, you need to generate a CSR with several commonName (CN) gaps.

Note: This instruction is for Unix system users.

In Unix you can generate it using OpenSSL configuration file

Edit the "/etc/ssl/openssl.cnf" file (this may be different)

[ req ]
default_bits = 2048
prompt = no
encrypt_key = no
default_md = sha1
distinguished_name = dn


[ dn ]
C = IE
O = Official name of your institution
0.CN = First FQDN of your server
1.CN = Second FQDN of your server
2.CN = Third FQDN of your server
# ... add as much as you need

The principal FQDN should appear as the first CN (0.CN= ) because only this one will be kept in the subject of the certificate. The other CN will be transfered to the subjectAltName field in the generated certificate.

There is also the option for openssl with Command Line, examples:

- servers with existing private key

openssl req -new -key myserver.key -out myserver.csr -subj "/C=IE/O=inst_name/CN=first_fqdn/CN=second_fqdn/CN=third_fqdn" -text-

create private key and CSR with multiple CN names

openssl req -new -newkey rsa:2048 -keyout myserver.key -out myserver.csr -subj "/C=IE/O=inst_name/CN=first_fqdn/CN=second_fqdn/CN=third_fqdn" -text

Was this answer helpful?

Related Articles

What is CSR and who needs it?
A Certificate Signing Request is a text generated on the server that is used to create your SSL...
Apache/OpenSSL
To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver,...
Apache (with mod_ssl)
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Apple Mac OS X Server
CSR is generated in 2 steps.I. Private key generation1. Log into server and open...
Barracuda SSL VPN
Generating a Certificate Signing Request for Barracuda VPNFrom the appliance web interface,...