SAN Stands for Subject alternative name . Where the same certificate with multiple names used for multiple domains . This will save cost .Example we can generate one certificate and add other domain names in the subject Alternative Names can use for multiple sites .
Follow below steps for generation SAN certificate to configure in Apache WebServer .
create san.conf file with the below sample content
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt= no
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = Common Name (e.g. server FQDN or YOUR name)
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = abc.com
DNS.2 = def.com
DNS.3 = fgh.com
Updated san.conf looks like below for multiple common names
Generate key with csr file using below openssl command
openssl req -out sslcert.csr -newkey rsa:2048 -sha256 -nodes -keyout private.key -config san.conf
once CSR file is generated you can verify the content on the https://www.entrust.net/ssl-technical/csr-viewer.cfm
copy content of sslcert.csr into the above UR or use below
openssl req -noout -text -in sslcert.csr | grep DNS
You can verify CSR with openssl
Once CSR is verified .Get this signed with Third pary vendor line Entrust ,Symatic --etc
Down load the CSR and root , Intermediate certs in PEM format .
for Apache SSL configuration we need 3 files .
Rename given CER to httpd.cer for SSLCertificateFile . private.key to httpd.key . Create SSLCACertificateFile by appending Intermediate with Root.cer files.
cat intermediate.cer >httpd_ca.crt && cat root.cer >>httpd_ca.crt
SSLCertificateFile /web/apache/WEB1A/ssl/httpd.cer
SSLCertificateKeyFile /web/apache/WEB1A/ssl/httpd.key
SSLCACertificateFile /web/apache/WEB1A/ssl/httpd_ca.crtOnce changes are completed restart Apache httpd server and verify the certificate reflected to IP and Port using browser or openssl command .