Friday, April 3, 2009

Creating SSL Certificates with Multiple Host Names

Creating an SSL Certificate with Multiple Hostnames

There's another article on creating wildcard certificates in Apache (and here on IIS), but we've not discussed the possibility of having a single certificate answer to several hostnames (DNS CNAMEs and HTTP Host headers). Not only is this possible, but it's reasonably easy. It uses an SSL certificate feature called SubjectAlternativeName (SAN, for short). We'll talk about generating the certificates using OpenSSL on Linux, but OpenSSL is also available for Windows, and the procedure is the same. Note that Windows' selfssl utility can't generate a certificate request file with SANs, so if you want to use this on Windows, you'll need to use OpenSSL or another SSL utility.
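As an added example (not from the original article), the shell functions below generate a key and a certificate request that carries several hostnames in subjectAltName by way of an OpenSSL config file, then list the names the request actually contains. The function names, file names and example.com hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a CSR whose subjectAltName lists several hostnames.
# Function names, file names and hostnames are illustrative assumptions.

# make_san_csr OUTDIR CN [ALT_NAME...]
# Writes OUTDIR/server.key and OUTDIR/server.csr.
# CN is repeated as the first SAN entry: clients that find DNS names in the
# SAN extension match against those and do not fall back to the CN.
make_san_csr() {
    outdir=$1; cn=$2; shift 2
    cnf="$outdir/san.cnf"
    {
        printf '[ req ]\n'
        printf 'prompt = no\n'
        printf 'distinguished_name = dn\n'
        printf 'req_extensions = v3_req\n'
        printf '[ dn ]\n'
        printf 'CN = %s\n' "$cn"
        printf '[ v3_req ]\n'
        printf 'subjectAltName = @alt_names\n'
        printf '[ alt_names ]\n'
        i=1
        for name in "$cn" "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$cnf"
    # umask keeps the private key readable by its owner only.
    ( umask 077; openssl genrsa -out "$outdir/server.key" 2048 2>/dev/null ) &&
    openssl req -new -key "$outdir/server.key" -config "$cnf" \
        -out "$outdir/server.csr"
}

# csr_sans CSRFILE
# Prints the DNS names found in the request's SAN extension, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}
```

Running `csr_sans` on the request before submitting it confirms that every hostname made it into the extension; whether the issued certificate keeps those names is up to the CA that signs it.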