How to create a multi-domain wildcard SSL certificate

 

I usually use selfcert or the IIS wizard to create SSL requests or certificates. These are fine as long as you don't have to install the certificates on multiple servers.

In that case you need to create a wildcard SSL certificate. I also wanted to avoid having to create a separate certificate for each domain I was testing. The easiest way to do both seems to be certreq, which builds a request from a configuration file that you can customize. Below is the sample I created for a certificate that can be installed on any machine in the domain and that also covers several host names through its Subject Alternative Name (SAN) extension.

This KB article is helpful, but it doesn't mention that if you are registering several domains, the first one should be the wildcard FQDN (the same name you put in the Subject CN).

request.inf

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=*.*.mydomain.com" ; wildcard common name; must match the first dns= entry in SAN below
EncipherOnly = FALSE
Exportable = TRUE  ; TRUE = Private key is exportable
KeyLength = 1024    ; Common key sizes: 512, 1024, 2048, 4096, 8192, 16384
                    ; (1024-bit RSA is below the 2048-bit minimum that current CAs and TLS clients require)
KeySpec = 1             ; Key Exchange
KeyUsage = 0xA0     ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = CMC
	
; Omit entire section if CA is an enterprise CA
;[EnhancedKeyUsageExtension]
;OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
	
[RequestAttributes]
CertificateTemplate = WebServer ;Omit  line if CA is a stand-alone CA
; The first dns= entry must be the wildcard FQDN used as the Subject CN. Note that public CAs and
; most TLS clients only honour a single wildcard in the leftmost label (*.mydomain.com), not *.*.
SAN="dns=*.*.mydomain.com&dns=svn.mydomain.com&dns=vpn.mydomain.com&dns=biz.mydomain.com&dns=www.mydomain.com&dns=blog.mydomain.com"

Submit and accept the request

REM Run this on your CA
certreq -new request.inf certnew.req
certreq -submit certnew.req certnew.cer
certreq -accept certnew.cer
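As an added example (not code from the original post), here is a small Python helper that generates a request.inf in the format above from a Subject CN and a list of SAN entries. It enforces the rule that the first SAN entry is the CN, flags wildcard names that public CAs and most TLS clients will not honour, and defaults to a 2048-bit key rather than the post's 1024 because shorter RSA keys are no longer accepted; the WebServer template is assumed, matching the enterprise-CA setup above.

```python
def wildcard_warnings(names):
    """Flag DNS names whose wildcard public CAs and most TLS clients will not honour."""
    warnings = []
    for name in names:
        stars = [i for i, label in enumerate(name.split(".")) if label == "*"]
        if len(stars) > 1 or (stars and stars[0] != 0):
            warnings.append(f"{name}: wildcard must be the single leftmost label")
    return warnings


def san_attribute(names):
    """certreq's SAN request attribute syntax: dns=a&dns=b&..."""
    return "&".join(f"dns={n}" for n in names)


def build_request_inf(cn, sans, key_length=2048, template="WebServer"):
    """Return request.inf text; the first SAN entry must equal the Subject CN."""
    if not sans or sans[0] != cn:
        raise ValueError("first SAN entry must be the Subject CN")
    if len(set(sans)) != len(sans):
        raise ValueError("duplicate SAN entries")
    if key_length < 2048:
        raise ValueError("RSA keys shorter than 2048 bits are no longer accepted")
    return "\n".join([
        "[Version]",
        'Signature="$Windows NT$"',
        "",
        "[NewRequest]",
        f'Subject = "CN={cn}"',
        "Exportable = TRUE",
        f"KeyLength = {key_length}",
        "KeySpec = 1",             # key exchange
        "KeyUsage = 0xA0",         # digital signature, key encipherment
        "MachineKeySet = True",
        'ProviderName = "Microsoft RSA SChannel Cryptographic Provider"',
        "ProviderType = 12",
        "RequestType = CMC",
        "",
        "[RequestAttributes]",
        f"CertificateTemplate = {template}",   # omit for a stand-alone CA
        f'SAN="{san_attribute(sans)}"',
        "",
    ])


if __name__ == "__main__":
    # Constructed sample names; write the result to request.inf and feed it to certreq -new.
    hosts = ["*.mydomain.com", "svn.mydomain.com", "vpn.mydomain.com", "www.mydomain.com"]
    print("\n".join(wildcard_warnings(hosts)) or "no wildcard warnings")
    print(build_request_inf(hosts[0], hosts))
```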
Published on 9/27/2009 by xsolon