Home / server / Questions / 797341
Accepted
adampweb
Asked: 2016-08-18 02:47:11 +0800 CST

OpenSSL config expansion

  • 772

I created own Certificate Authority and server (virtualhost) certificate based on this specification: https://jamielinux.com/docs/openssl-certificate-authority/index.html

It's successfully created, it works, but server-certificate not working without "www" prefix.

If I load domain without "www", get an error:

SSL_ERROR_BAD_CERT_DOMAIN

I checked several pages longer, option would have (SAN - Subject Alternative Names), just do not know how to insert the above configuration.

ssl-certificate openssl subject-alternative-names

2 Answers

  1. Your SSL certificate is only valid for www.example.com. If you wish to access example.com you have the following option :

    • Use 2 certificates and 2 virtualhosts. One for www.example.com and the other one for example.com

    Note : You can't use wildcard certificate to achieve this because there is nothing in front of example.com (it would work for xyz.example.com).

    • 1
  2. Best Answer

    I add this line to intermediate CA config file:

    in 'server_cert' section:

    subjectAltName = @dns_names

    and add a new section:

    [ dns_names ]
DNS.0   = *.example.com
DNS.1   = example.com
DNS.2   = www.example.com

    And my problem is solved!

    • 1