All About SAN Certificate

SAN Stands for Subject alternative name . Where the same certificate with multiple names used for multiple domains . This will save cost .Example we can generate one certificate and add other domain names in the subject Alternative Names can use for multiple sites .

Follow below steps for generation SAN certificate to configure in Apache WebServer .

create san.conf file with the below sample content
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
prompt= no
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = Common Name (e.g. server FQDN or YOUR name)
[ req_ext ]
subjectAltName = @alt_names
DNS.1 =
DNS.2 =
DNS.3 =

Updated san.conf looks like below for multiple common names

Generate key with csr file using below openssl command
openssl req -out sslcert.csr -newkey rsa:2048 -sha256 -nodes -keyout private.key -config san.conf

once CSR file is generated you can verify the content on the
copy content of sslcert.csr into the above UR or use below
openssl req -noout -text -in sslcert.csr | grep DNS

You can verify CSR with openssl

Once CSR is verified .Get this signed with Third pary vendor line Entrust ,Symatic --etc
Down load the CSR and root , Intermediate certs in PEM format .

for Apache SSL configuration we need 3 files . 
Rename given CER to httpd.cer for SSLCertificateFile . private.key to httpd.key . Create SSLCACertificateFile by appending Intermediate with Root.cer files.

cat intermediate.cer >httpd_ca.crt && cat root.cer >>httpd_ca.crt

SSLCertificateFile /web/apache/WEB1A/ssl/httpd.cer
SSLCertificateKeyFile /web/apache/WEB1A/ssl/httpd.key
SSLCACertificateFile /web/apache/WEB1A/ssl/httpd_ca.crt
Now we have all the file to configure SSL . Follow link to set SSL for Apache Web Server .ApacheSSL
Once changes are completed restart Apache httpd server and verify the certificate reflected to IP and Port using browser or openssl command .

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *