In the past, several people (including myself) have asked
for a way to get Sambar Server to support multiple SSL
certs, for servers that host more than one domain. But it
turns out that SSL (x509 version 3, specifically), has
built-in support for multiple domains per certifcate!!
Just add the following line to your config/openssl.cnf
file, in the [ v3_ca ] section:
subjectAltName = DNS:http://www.test.com,DNS:*.kensystem.com,DNS:*.etc.com
This line adds additional domains that browsers will
validate a certificate against. Note the
comma-separated-list format ; it allows you to add as many
for few as you want. As in the example, you can also use
wild card certs.
You need to re-create your certificate after adding that
line to openssl.cnf, put the cert into your config/ dir,
then restart your server.
I've verified that all modern browsers support this;
Mozilla, Firebird, Safari, & IE. Theoretically, older
software that uses SSL (email clients, etc) may not have
support for this feature. It also does not provide a
distinct cert based on IP address (the contemporary ssl
binding method), but that's probably not going to be a
problem for most of us.
Cheers,
ken
|