If you want to setup a ssl-certificate with multiple subdomains(of the same domain), you’ll have to generate a certificate with alternative names. We can achieve this using some parameters in our openssl.cnf…
First we have to copy our default openssl.cnf:
cp /etc/ssl/openssl.cnf /opt/mysworkingdir
Next we have to find and uncomment the following line(if it doesn’t exist, we just add it):
req_extensions = v3_req
Now we can add a new section called “[v3_req]” if it doesn’t exist:
[v3_req]
# Extensions to add to a certificate request
subjectAltName = @alt_names
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
Now we just need another section for our alternative names:
[alt_names]
DNS.1 = myalternative.domain.com
Finally we can generate a Certificate-request(I assume that we already generated a private-key):
openssl req -new -days 365 -key private_key.pem -out my.csr -config openssl.cnf