From e8b14d64fa0fab412b0cebb33214cf2174506031 Mon Sep 17 00:00:00 2001 From: Alexander Bentkamp Date: Tue, 15 Nov 2022 11:22:19 +0100 Subject: [PATCH] notes subdomain --- NOTES_SUBDOMAIN.md | 62 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 NOTES_SUBDOMAIN.md diff --git a/NOTES_SUBDOMAIN.md b/NOTES_SUBDOMAIN.md new file mode 100644 index 0000000..0c85c90 --- /dev/null +++ b/NOTES_SUBDOMAIN.md 
@@ -0,0 +1,62 @@ +## Certificate for multiple subdomains: + +Make a copy of the `openssl.cnf` file: +``` +cp /etc/ssl/openssl.cnf ~/ +``` + +Edit the file: +``` +vim ~/openssl.cnf +``` + +Uncomment following line in the `[req]` section: +``` +req_extensions = v3_req +``` + +In the `[v3_req]` section, add the following line: +``` +subjectAltName = @alt_names +``` + +Create a new section `[ alt_names ]` at the bottom of the config file. Add SAN or DNS or Alt names like this. + +``` +[ alt_names ] +DNS.1 = lean.math.uni-duesseldorf.de +``` + +Note: Do not add the domain name used in the common name field again. + +Save and quit. + +Create a private key +``` +sudo openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out /etc/ssl/private/private.pem +``` + +Generate the CSR: +``` + sudo openssl req -new -key /etc/ssl/private/private.pem -out ~/public.csr -config ~/openssl.cnf +``` + +``` +Country Name (2 letter code) [AU]:DE +State or Province Name (full name) [Some-State]:Nordrhein-Westfalen +Locality Name (eg, city) []:Duesseldorf +Organization Name (eg, company) [Internet Widgits Pty Ltd]:Heinrich-Heine-Universitaet Duesseldorf +Organizational Unit Name (eg, section) []:ZIM +Common Name (e.g. server FQDN or YOUR name) []:adam.math.uni-duesseldorf.de // Die Domain, die oben ausgelassen wurde +Email Address []:alexander.bentkamp@hhu.de //(Ihre Mailadresse) + +A challenge password []: // leer lassen +An optional company name []: leer lassen +``` + +Check that the certificate contains the Common Name and all Subject Alternative Names: +``` +openssl req -in public.csr -noout -text +``` + +Then follow the instructions here: https://wiki.hhu.de/display/HHU/Serverzertifikat+beantragen \ No newline at end of file
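Review bot: The note "Do not add the domain name used in the common name field again" in the `[ alt_names ]` step yields a request whose SAN list contains only lean.math.uni-duesseldorf.de, while adam.math.uni-duesseldorf.de appears only as the Common Name. Current browsers and clients that follow RFC 6125 match host names against subjectAltName and ignore the CN once a SAN extension is present, so unless the CA copies the CN into the SAN on issuance, adam.math.uni-duesseldorf.de would fail validation. Suggest listing both names (`DNS.1 = adam.math.uni-duesseldorf.de`, `DNS.2 = lean.math.uni-duesseldorf.de`) and either dropping the note or stating explicitly that the CA adds the CN itself, if that is the case. Two smaller points: the final check inspects a CSR, not a certificate, and should read `openssl req -in ~/public.csr -noout -text` to match the path used when the CSR is generated; and the inline comments in the sample prompt output are in German while the rest of the file is in English.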