Jasinski Technical Wiki


Page History: Requesting an SSL Certificate for Multiple Domains


Page Revision: Fri, Oct 02, 2015, 2:06 PM


Overview

To request an SSL certificate that covers multiple domains, you need to generate a CSR (Certificate Signing Request) that lists each domain as a SAN (Subject Alternative Name). This article documents how to do this.

Procedure

(1) Create a text file for the Request Policy using the following template, and save it as MainDomainDotCom.inf

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=maindomain.com,OU=My Organizational Unit,O=My Organization Inc.,STREET=100 Main Street,L=City,S=State,PostalCode=12345-6789,C=US"
; Remove to use an empty Subject name.
; Because SSL/TLS does not require a Subject name when a SAN extension is included, the certificate Subject name can be empty.
; If you are using another protocol, verify the certificate requirements.

EncipherOnly = FALSE ; Only for Windows Server 2003 and Windows XP. Remove for all other client operating system versions.
Exportable = FALSE   ; TRUE = Private key is exportable
KeyLength = 2048     ; Valid key sizes: 1024, 2048, 4096, 8192, 16384
KeySpec = 1          ; Key Exchange – Required for encryption
KeyUsage = 0xA0      ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10 ; or CMC.

[EnhancedKeyUsageExtension]
; If you are using an enterprise CA the EnhancedKeyUsageExtension section can be omitted 

OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
OID=1.3.6.1.5.5.7.3.2 ; Client Authentication

[Extensions]
; If your client operating system is Windows Server 2008, Windows Server 2008 R2, Windows Vista, or Windows 7
; SANs can be included in the Extensions section by using the following text format. Note 2.5.29.17 is the OID for a SAN extension.

2.5.29.17 = "{text}"
_continue_ = "dns=www.maindomain.com&"
_continue_ = "dns=www.domain2.com&"
_continue_ = "dns=maindomain.com&"
_continue_ = "dns=domain2.com&"
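
A pre-submission check for a policy file like the one above, as an added example (not part of the original wiki page). It parses the INF by hand, because repeated keys such as `_continue_` and `OID` are rejected or collapsed by standard INI parsers, and flags a missing `&` separator, a Subject CN absent from the SAN list, an exportable key, or a key under 2048 bits. The function names and the 2048-bit floor are assumptions of this example, and the sample input is constructed.

```python
import re

# Constructed sample based on the page's template; the "&" after www.domain2.com is deliberately missing.
SAMPLE_INF = '''[NewRequest]
Subject = "CN=maindomain.com,O=My Organization Inc.,C=US"
Exportable = FALSE   ; TRUE = Private key is exportable
KeyLength = 2048
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=www.maindomain.com&"
_continue_ = "dns=www.domain2.com"
_continue_ = "dns=maindomain.com&"
'''

def parse_inf(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys in order."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.match(r"\[(.+)\]$", line)
        if head:
            current = sections.setdefault(head.group(1), [])
        elif line and not line.startswith(";") and current is not None:
            key, _, value = (part.strip() for part in line.partition("="))
            # Quoted value: text up to the closing quote. Bare value: drop a trailing "; comment".
            value = value[1:].split('"', 1)[0] if value[:1] == '"' else value.split(";", 1)[0].strip()
            current.append((key, value))
    return sections

def san_dns_names(sections):
    """Join the _continue_ lines that follow 2.5.29.17 and split them on '&'."""
    text, in_san = "", False
    for key, value in sections.get("Extensions", []):
        in_san = key == "2.5.29.17" or (in_san and key == "_continue_")
        if in_san and key == "_continue_":
            text += value
    return [t[4:].lower() for t in text.split("&") if t.lower().startswith("dns=")]

def check_policy(text):  # returns a list of findings; an empty list means the policy passed
    sections = parse_inf(text)
    req, names, findings = dict(sections.get("NewRequest", [])), san_dns_names(sections), []
    if int(req.get("KeyLength", "0")) < 2048:  # assumed minimum for this example
        findings.append("KeyLength missing or below 2048")
    if req.get("Exportable", "FALSE").upper() == "TRUE":
        findings.append("private key is exportable")
    findings += [f"malformed SAN entry: {n}" for n in names if not re.fullmatch(r"[a-z0-9*.-]+", n)]
    cn = re.search(r"CN=([^,]+)", req.get("Subject", ""))
    if cn and cn.group(1).lower() not in names:
        findings.append(f"Subject CN {cn.group(1)} is not in the SAN list")
    return findings
```

Calling `check_policy(SAMPLE_INF)` reports the two entries that were merged by the missing `&` and the Subject CN that disappeared from the SAN list as a result; restoring the `&` clears both findings.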

Except where noted, all contents Copyright © 1999-2024, Patrick Jasinski.