Create a multi-domain SSL certificate without a common name.
I will use a self-signed certificate as it is enough to show how it works.
Describe certificate. Use DNS
option to define a DNS name and IP
option do define an IP address.
$ cat <<EOF | tee certificate.cfg [ req ] req_extensions = req_ext distinguished_name = req_distinguished_name prompt = no [req_distinguished_name] commonName=example.org [req_ext] subjectAltName = @alt_names [alt_names] DNS.1 = example.org DNS.2 = *.example.org EOF
Generate certificate.
$ openssl req -x509 -config certificate.cfg -extensions req_ext -nodes -days 360 -newkey rsa:2048 -sha256 -keyout certificate.key -out certificate.crt -new -subj "/"
Generating a RSA private key ..................................+++++ ..+++++ writing new private key to 'certificate.key' -----
Display certificate.
$ openssl x509 -in certificate.crt -text -noout
Certificate: Data: Version: 3 (0x2) Serial Number: 62:82:78:28:e9:5e:11:a4:d2:c4:3f:92:de:a8:f6:38:7e:ab:75:93 Signature Algorithm: sha256WithRSAEncryption Issuer: Validity Not Before: Feb 24 23:28:43 2021 GMT Not After : Feb 19 23:28:43 2022 GMT Subject: Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:dc:94:a2:4c:42:1e:7d:59:c2:84:ae:06:e1:67: c2:c0:0e:ed:b0:0a:fb:a9:b2:c1:fa:96:88:7f:6e: e8:b3:96:e5:c2:f3:bd:99:39:8c:c5:0c:35:b6:76: a4:ad:6d:73:0c:ca:f1:e2:17:d0:0c:83:20:4d:35: 44:40:e6:5e:60:20:fc:37:8b:c1:a2:a5:b8:34:91: e9:a0:b4:1d:de:1c:20:99:ca:3c:76:62:25:02:0f: 75:4b:98:c8:f7:1b:3f:5a:f8:8b:d9:a0:5f:c8:fc: ab:6e:97:99:50:14:aa:8b:b4:ea:32:a4:bd:f3:3a: 57:73:4b:6f:4c:cd:03:57:45:17:77:5b:92:9e:dc: 29:a3:0e:c0:28:3f:7d:ca:e8:2f:8d:58:4a:cf:14: 2b:ba:92:2f:6b:8d:b5:89:a7:c7:c5:49:fe:14:3f: 26:eb:6e:81:1a:a1:84:1e:25:a3:66:0f:7b:db:51: 35:09:bd:79:7e:06:60:73:0c:90:20:44:d2:0c:18: 5a:d5:05:f6:cc:34:d5:22:ad:e4:b6:3c:e9:7b:b9: b3:29:e9:84:30:b2:a8:5a:57:08:c6:6c:12:bc:97: f4:1a:1a:5b:cf:3f:75:4c:56:ec:06:b0:15:95:00: d3:00:17:9f:89:03:bc:ee:8e:ed:00:6c:cc:5c:4a: 37:f9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:example.org, DNS:*.example.org Signature Algorithm: sha256WithRSAEncryption d4:55:b8:d1:e9:6b:95:86:9c:6b:91:46:77:e4:db:85:c4:7c: a4:31:d6:ea:5e:45:ab:b5:08:6b:79:6c:59:02:de:6f:0c:d0: 44:52:75:d0:18:e8:22:23:e3:3b:8f:db:e2:34:9a:a1:84:d8: 31:7f:4b:d1:d1:82:3c:b2:aa:1b:05:12:97:54:39:ed:c1:1b: 4f:54:61:76:8e:3f:f3:bf:4b:4d:86:8b:7a:d0:ff:ca:59:a7: 47:51:37:68:9a:1b:cc:e3:5c:d6:3a:8a:fc:ac:61:fd:b9:0b: 09:43:d7:37:16:86:52:de:a5:f4:94:9b:1a:89:6b:7b:12:a4: 9c:36:25:96:73:68:4d:a0:f5:2d:a6:0b:a8:9e:d7:21:b7:88: 39:da:d1:d1:d8:9a:e5:0f:32:93:45:dd:35:46:bb:37:ee:5f: 2b:8d:d4:d4:03:b9:fe:ea:6d:40:47:a3:a3:b2:7d:cf:d7:27: 30:6c:a2:c2:50:4c:84:12:c7:e1:54:bc:6b:f8:cc:0f:20:86: 69:2d:f5:6c:64:f3:69:98:e1:ed:fd:70:c3:b0:ec:ea:89:65: 88:be:7b:98:fe:f1:2c:a4:76:3d:90:1f:46:3b:fe:2f:57:4d: ca:c7:b0:e9:bb:a0:c9:42:e0:be:7b:d7:5f:8b:58:20:9b:96: 5e:08:32:62