openssl genrsa -out www.domain.com.key 2048
openssl req -new -key www.domain.com.key -out www.domain.com.csr
Answer the questions! For ‘Common Name’ put the first domain name (www.domain.tld). Be careful to make sure all the info is correct.
At this point you are done with the cert request. Below is how to create a self-signed cert.
Create an extensions config file for the certificate generation (you can throw this away when you’re done). This is the important bit for getting the extra domains in. You need to list ALL the domains, since the Common Name you set above is only used in the absence of the subjectAltName field (I think).
Create www.domain.com.cnf and insert this into it:
subjectAltName=DNS:www.domain.com,DNS:www2.domain.com
Then run:
openssl x509 -req -days 365 -in www.domain.com.csr -signkey www.domain.com.key -text -extfile www.domain.com.cnf -out www.domain.com.crt
Last, add the SSL directives to your SSL VirtualHost:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/CERT_NAME.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/CERT_NAME.key
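To confirm the result before pointing Apache at it, this added example (not part of the original page) repeats the steps above in a temporary directory, with -subj standing in for the interactive prompts and -text left out, then checks that both names are in subjectAltName and that the key matches the certificate. The function names and nosan.crt are made up for this example; nosan.crt is the same CSR signed without -extfile, to show what the extensions file contributes.

```shell
#!/bin/sh
# Added example (not from the original page). File names and domains are the
# page's placeholders; everything is generated in a throwaway temp directory.

# cert_has_san CERT NAME: succeed only if NAME is a DNS entry in subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$2"
}

# cert_matches_key CERT KEY: succeed only if both carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_sample DIR: run the page's steps non-interactively (-subj replaces the
# prompts), then sign the same CSR again without -extfile for comparison.
make_sample() {
    base="$1/www.domain.com"
    openssl genrsa -out "$base.key" 2048 2>/dev/null &&
    openssl req -new -key "$base.key" -subj "/CN=www.domain.com" -out "$base.csr" &&
    echo 'subjectAltName=DNS:www.domain.com,DNS:www2.domain.com' > "$base.cnf" &&
    openssl x509 -req -days 365 -in "$base.csr" -signkey "$base.key" \
        -extfile "$base.cnf" -out "$base.crt" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$base.csr" -signkey "$base.key" \
        -out "$1/nosan.crt" 2>/dev/null
}

# verify_demo: build the sample and report each check; returns 0 if all hold.
verify_demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir" || { rm -rf "$dir"; return 1; }
    rc=0
    for name in www.domain.com www2.domain.com; do
        if cert_has_san "$dir/www.domain.com.crt" "$name"; then echo "SAN ok: $name"
        else echo "SAN missing: $name"; rc=1; fi
    done
    cert_matches_key "$dir/www.domain.com.crt" "$dir/www.domain.com.key" ||
        { echo "key does not match certificate"; rc=1; }
    # Without -extfile the certificate carries no subjectAltName at all.
    if cert_has_san "$dir/nosan.crt" www.domain.com; then rc=1
    else echo "nosan.crt: no SAN entry, as expected"; fi
    rm -rf "$dir"
    return $rc
}

verify_demo
```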