I'm running a server "myserver.net", which has the subdomains "a.myserver.net" and "b.myserver.net".
When creating (self-signed) SSL certificates, I have to create one for every subdomain, containing the FQDN, even though those subdomains are just vhosts.
OpenSSL permits only one "common name", which is the domain in question. Is there any possibility to create a certificate that is valid for all subdomains of a domain?
Best Answer
Yes, use *.myserver.net as common name.
This is called wildcard certs and there are large number of howtos finding with this keyword.
Here is one of them: https://web.archive.org/web/20140228063914/http://www.justinsamuel.com/2006/03/11/howto-create-a-self-signed-wildcard-ssl-certificate
Update: if you want cert to match root domain as well (myserver.net), then you should use Subject Alternative Name extension. When generating cert using openssh enter '*.myserver.net/CN=myserver.net' as Common Name.
Compatibly is good enough, unless you have an ancient browser.