Overview
You have multiple sites on your server that you would like to protect with SSL and want to know how to apply the appropriate certificate(s). For example, you already have a certificate for list-1.domain-one.com, but you have another site, list-2.domain-two.com that you also want to protect with SSL.
Solution
A wildcard certificate can only be used to protect multiple sub-domains of the same domain. A SAN (Subject Alternate Name) certificate can protect multiple domains and supports wildcards. From the example in the Overview, it is possible to have a SAN certificate that includes *.domain-one.com and *.domain-two.com so that each domain could support multiple lists.
Create a Certificate Signing Request (CSR) for a SAN Certificate
- Open a command prompt and cd to the certs directory
...listmanager\tclweb\bin\certs
- Edit the
req.conffile and enter your relevant company, location, and domain details as needed:
[req] distinguished_name = req_distinguished_name req_extensions = v3_req prompt = no [req_distinguished_name] C = <COUNTRY> ST = <STATE> L = <CITY> O = <COMPANY> OU = <DIVISION> CN = www.domain-one.com [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = www.domain-one.com DNS.2 = domain-one.com DNS.3 = *.domain-two.com DNS.4 = domain-three.net - Generate the CSR with the command:
openssl req -new -out company_san.csr -newkey rsa:2048 -nodes -sha256 -keyout company_san_key.pem -config req.conf
- You will have generated two files in the certs directory. Your public key for requesting a certificate ( company_san.csr ) and a private key (company_san_key.pem). These files should be protected from the outside world
- Submit the CSR file ( public.csr ) you created to your Certifying Authority (CA)
Follow the steps to Install or Update SSL Certificate in Lyris LM after your CA sends you the certificates.
Priyanka Bhotika
Comments