1

My company recently purchased a Multi-Domain SSL certificate for use on an IBMi V7R2. I'm relatively new to the IBMi world, but I get the feeling the DSM doesn't support Multi-Domain SSL certificates. Whenever I try to create a CSR it only asks me for a single domain (In the Common name field). I would believe this would generate a CSR specific to the provided domain and none of the others with each successive attempt. Then would end up invalidating the previous domains since the CA re-generated the key.

  1. Does the DSM on IBMi support Multi-Domain SSL certificates?
  2. If the DSM doesn't support Multi-Domain SSL certificates, is there an alternative method which does?
d.lanza38
  • 357
  • 1
  • 6
  • 13

1 Answers1

0

The DCM does not allow you to specify multiple domains when generating a CSR. However with a Multi-Domain certificate it is the "Subject Alternative Name" field which dictates which domains the certificate is valid for. This is typically set by the CA (or a UI provided by one).

So if following the steps outlined here, on step 5 you would only need to specify the primary domain. You then submit the generated CSR to the CA and in the process there should be a way to list all of the domains to be included by this certificate. The field you would be looking to populate is called "Subject Alternative Name(s)" but your CA may call it something different. But when viewing your multi-domain certificate via a browser you will see the entry in the details tab: Screenshot of "Subject Alternative Name(s)"

d.lanza38
  • 357
  • 1
  • 6
  • 13