I've got a little private webserver where I have several virtualhosts. I know that it's impossible to assign a certificate to each individual virtualhost, because the server finds out which virtualhost was requested only AFTER the SSL connection has been established. But is it possible to have a single SSL certificate which lists several domains? Or at least a wildcard domain, like *.example.com. If yes, what Linux commands do I have to write to make such a self-signed certificate?
Added: To clarify – I have just one IP address for all the virtual hosts.
Best Answer
The following should work for you:
Result:
If you want request instead of self-signed just replace -x509 with -new and -extensions with -reqexts.
Update
Subject Alternative Name can be specified directly in command line with the recent versions of openssl:
See also https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line/183973#183973