OpenSSL config expansion

Question

I created own Certificate Authority and server (virtualhost) certificate based on this specification: https://jamielinux.com/docs/openssl-certificate-authority/index.html

It's successfully created, it works, but server-certificate not working without "www" prefix.

If I load domain without "www", get an error:

SSL_ERROR_BAD_CERT_DOMAIN

I checked several pages longer, option would have (SAN - Subject Alternative Names), just do not know how to insert the above configuration.

Try ApeTec's instructions: http://apetec.com/support/GenerateSAN-CSR.htm — StackzOfZtuff, Aug 17 '16 at 11:33

score 1 · Answer 1 · answered Aug 17 '16 at 10:57

1

Your SSL certificate is only valid for www.example.com. If you wish to access example.com you have the following option :

Use 2 certificates and 2 virtualhosts. One for www.example.com and the other one for example.com

Note : You can't use wildcard certificate to achieve this because there is nothing in front of example.com (it would work for xyz.example.com).

answered Aug 17 '16 at 10:57

bgtvfr

When I look at Facebook as the certificate, you can be found in the section entitled "Certificate Subject Alt Name" to "* .facebook.com" and "facebook.com" as well. In my opinion this would be necessary in my case: SAN: *.example.com example.com – adampweb Aug 17 '16 at 11:09

score 1 · Accepted Answer · answered Aug 18 '16 at 13:59

1

I add this line to intermediate CA config file:

in 'server_cert' section:

subjectAltName = @dns_names

and add a new section:

[ dns_names ]
DNS.0   = *.example.com
DNS.1   = example.com
DNS.2   = www.example.com

And my problem is solved!

answered Aug 18 '16 at 13:59

adampweb

2 Answers2