Multiple Domains on a Self Signed SSL Certificate

It appears that you can put differing domains on a single SSL certificate.
For this test I used a self-signed certificate.
There are a lot of sites that go into the commands in more depth; I will try to be
brief here.

This was done on Fedora 13 using Apache 2.x.

If it does not exist, make a directory to keep all the pertinent files in one place.

mkdir -p /etc/httpd/keys/multi

Navigate to the directory and perform the rest of the work there.

cd /etc/httpd/keys/multi

Create the private key and the Certificate Signing Request

openssl genrsa -out multikeys.key 2048
openssl req -new -key multikeys.key -out multikeys.csr

Create a file, giving it any name you like

vi multi.cnf

Add the following line. Change the domain names, of course, and add any other “DNS:hostname” entries that you need. Separate them with commas and no spaces.

Create the certificate

openssl x509 -req -days 365 -in multikeys.csr -signkey multikeys.key -text -extfile multi.cnf -out multi.crt

Reference multi.crt in your Apache name-based virtual host configuration
files for SSL. You should have two configuration files for each name-based virtual

SSLCertificateFile /etc/httpd/keys/multi/multi.crt
SSLCertificateKeyFile /etc/httpd/keys/multi/multikeys.key

You can use this command to view the certificate:

openssl x509 -noout -text -in [certificate-file]

Restart the web server

service httpd restart

Test by accessing the site with each new domain name in turn.

You will receive a warning because the certificate is self-signed and not from a
trusted and registered authority. But that should be the only complaint.

When the validity period set on the certificate runs out, just generate a new certificate with the openssl x509 -req command used above to create it. All the files should still be in place. Then restart or reload the web server.
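
The steps above as one non-interactive script, followed by a check that every host name really landed in the certificate (an added example, not part of the original post). The subjectAltName=DNS:... line written to multi.cnf is standard OpenSSL extension syntax and is an assumption about the line the post refers to; the example.* domains are constructed placeholders, the function names make_multi_cert and list_sans are hypothetical, and -subj is used only to skip the interactive CSR prompts.

```shell
#!/bin/sh
# Work is done in a temporary directory, not in /etc/httpd/keys/multi.

# make_multi_cert DIR NAME [NAME...]
# Builds multikeys.key, multikeys.csr, multi.cnf and multi.crt inside DIR.
make_multi_cert() {
    dir=$1; shift
    first=$1                      # first name doubles as the subject CN
    sans=""
    for name in "$@"; do          # DNS:a,DNS:b,... (commas, no spaces)
        sans="${sans:+$sans,}DNS:$name"
    done
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077                 # private key readable by its owner only
        printf 'subjectAltName=%s\n' "$sans" > multi.cnf
        openssl genrsa -out multikeys.key 2048 2>/dev/null &&
        openssl req -new -key multikeys.key -subj "/CN=$first" \
            -out multikeys.csr &&
        openssl x509 -req -days 365 -in multikeys.csr \
            -signkey multikeys.key -extfile multi.cnf \
            -out multi.crt 2>/dev/null
    )
}

# list_sans CERT
# Prints the DNS names found in the certificate, one per line.
list_sans() {
    openssl x509 -noout -text -in "$1" |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Constructed sample run with placeholder domains.
workdir=$(mktemp -d)
make_multi_cert "$workdir" www.example.com www.example.org mail.example.net
list_sans "$workdir/multi.crt"
```

If list_sans prints nothing, the extension file was not applied and clients will see a name mismatch in addition to the self-signed warning.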
