SSL: Multi Domain: Difference between revisions
From OnnoCenterWiki
Jump to navigationJump to search
No edit summary |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 40: | Line 40: | ||
openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf | openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf | ||
openssl req -new -key onnocenter.or.id.key -out | openssl req -new -key onnocenter.or.id.key -out onnocenter.or.id.csr -config /etc/ssl/openssl.cnf | ||
test | test | ||
| Line 46: | Line 46: | ||
openssl req -in example.com.csr -noout -text | openssl req -in example.com.csr -noout -text | ||
openssl req -in onnocenter.or.id.csr -noout -text | openssl req -in onnocenter.or.id.csr -noout -text | ||
==CNAME DNS Authentication== | |||
Biasanya penyedia SSL akan meminta kita untuk mengauthentikasi domain kita menggunakan CNAME. Kita perlu menambahkan entry CNAME pada DNS sesuai dengan perintah dari penyedia layanan SSL, misalnya, | |||
_e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.sectigo.com. | |||
_e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.comodoca.com. | |||
==Referensi== | ==Referensi== | ||
Latest revision as of 22:48, 2 January 2022
Sumber: https://www.thesecmaster.com/how-to-generate-a-csr-for-multi-domain-ssl-certificates-using-openssl/
openssl config di ubah
Edit
/etc/ssl/openssl.cnf
atau
/usr/lib/ssl/openssl.cnf
Di bagian [ req ], buka # agar
req_extensions = v3_req
Di bagian [ v3_req ] tambahkan
subjectAltName = @alt_names
Di bagian bawah tambahkan
[ alt_names ] DNS.1 = www.exampledomain.com DNS.2 = exampledomain.com DNS.3 = thesecmaster.local DNS.4 = mydomain.local
private key generate
Sebagai user biasa, lakukan tanpa pass phrase
openssl genrsa -out example.com.key 2048 openssl genrsa -out onnocenter.or.id.key 2048
Certificate Signing Request (CSR) generate
Sebagai user biasa, lakukan
openssl req -new -key example.com.key -out example.com.csr -config example.com.cnf
openssl req -new -key onnocenter.or.id.key -out onnocenter.or.id.csr -config /etc/ssl/openssl.cnf
test
openssl req -in example.com.csr -noout -text openssl req -in onnocenter.or.id.csr -noout -text
CNAME DNS Authentication
Biasanya penyedia SSL akan meminta kita untuk mengauthentikasi domain kita menggunakan CNAME. Kita perlu menambahkan entry CNAME pada DNS sesuai dengan perintah dari penyedia layanan SSL, misalnya,
_e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.sectigo.com. _e1a29010855492a.onnocenter.or.id. IN CNAME 2705001641008713.comodoca.com.
