Tips Home

De Sambar Server Werkt ook met SSL



 More than one domain with your SSL certificate

A nice tip I read at the list from Ken Johanson


In the past, several people (including myself) have asked for a way to get Sambar Server to support multiple SSL certs, for servers that host more than one domain. But it turns out that SSL (x509 version 3, specifically), has built-in support for multiple domains per certifcate!!

Just add the following line to your config/openssl.cnf file, in the [ v3_ca ] section:

subjectAltName = DNS:,DNS:*,DNS:*

This line adds additional domains that browsers will validate a certificate against. Note the comma-separated-list format ; it allows you to add as many for few as you want. As in the example, you can also use wild card certs.

You need to re-create your certificate after adding that line to openssl.cnf, put the cert into your config/ dir, then restart your server.

I've verified that all modern browsers support this; Mozilla, Firebird, Safari, & IE. Theoretically, older software that uses SSL (email clients, etc) may not have support for this feature. It also does not provide a distinct cert based on IP address (the contemporary ssl binding method), but that's probably not going to be a problem for most of us.