How to create an SSL certificate for more than one subdomain?

ssl-certificate openssl subdomain

Solution 1:

Yes, use *.myserver.net as common name.

This is called wildcard certs and there are large number of howtos finding with this keyword.

Here is one of them: https://web.archive.org/web/20140228063914/http://www.justinsamuel.com/2006/03/11/howto-create-a-self-signed-wildcard-ssl-certificate

Update: if you want cert to match root domain as well (myserver.net), then you should use Subject Alternative Name extension. When generating cert using openssh enter '*.myserver.net/CN=myserver.net' as Common Name.

Compatibly is good enough, unless you have an ancient browser.

Solution 2:

Just as an FYI, there is another kind of certificate as well called a Unified Communications Certificate. A wildcard can only be issued for *.domain.com but a UCC certificate allows you to list up to 100 Fully Qualified Domain Names(FQDN) under any domain. The main reason to get one of these is that Microsoft isn't too keen on the wildcards for things like MS Domain controllers, Exchange, etc.

https://www.godaddy.com/help/what-is-a-multiple-domain-ucc-ssl-certificate-3908

A Unified Communications Certificate (UCC) is an SSL certificate that secures multiple domain names and multiple host names within a domain name. A UCC lets you secure a primary domain name and up to 99 additional Subject Alternative Names (SANs) in a single certificate. UCCs are ideal for Microsoft® Exchange Server 2007, Exchange Server 2010, and Microsoft Live® Communications Server.

UCCs are compatible with shared hosting. However, the site seal and certificate "Issued To" information will only list the primary domain name. Please note that any secondary hosting accounts will be listed in the certificate as well, so if you do not want sites to appear 'connected' to each other, you should not use this type of certificate.

The main downside to UCC is that you have to list all your domains up front (wildcards don't require this). If the list ever changes you'll have to get a new certificate. Incidentally, Namecheap (only one I know of that does this) offers an Extended Validation UCC(you pay per domain, which means a 100 domain certificate is VERY expensive), which is the only way to have an EV certificate for more than one domain, as nobody offers EV Wildcards.

Related

Linux Graceful Shutdown
Rsync show progress for individual file
Using JSON keys with google cloud gsutil
Alter charset and collation in all columns in all tables in MySQL
How do I block specific IPs and IP ranges in IIS7?
What is the "in-the-wire" size of a ethernet frame? 1518 or 1542?
ssh on windows - Corrupted MAC on input
Why is my System event log full of WMI Performance Adapter messages?
How does Kerberos work with SSH?
How to override the default dir alias in Powershell?
Configure buggy systemd service to terminate via SIGKILL
Linux clients for Exchange (email and) calendar [closed]