.. _own_web_certificate_setup:

Own Web Certificate Setup
-------------------------


.. _12.5(1)|DOC-181:
.. _19.1|DOC-181:

The steps below provide and example of 
own private certificate and generated Subject Alternative Name (SAN) certificate setup
as summarized in :ref:`web_certificate_setup_options`.

.. note::
   The Subject Alternative Name (``alt_names``) field lets you specify additional host names
   (sites, IP addresses, common names, etc.) to be protected by a single SAN Certificate.

1. Log into a system that has the **openssl** command set up.
#. Create a bash script file with contents as below:

   ::
   
      openssl req -new -sha256 -nodes -out cert.csr -newkey rsa:4096 -keyout private.key -config <(
      cat <<-EOF
      [req]
      default_bits = 2048
      prompt = no
      default_md = sha256
      req_extensions = req_ext
      distinguished_name = dn
      
      [ dn ]
      C=<Country code>
      ST=<County/State>
      L=<City>
      O=<Orginization>
      OU=<Org Unit>
      emailAddress=<admin email address>
      CN = <Main DNS Name>
      
      [ req_ext ]
      subjectAltName = @alt_names
      
      [ alt_names ]
      DNS.1 = <Alternate name 1>
      DNS.2 = <Alternate name 2 … you can add more below, just inc DNS.2>
      EOF
      )


#. Edit the sections in ``< >`` brackets.
#. Run **bash <scriptfile from above>**
#. Send the file called ``cert.csr`` to your CA, requesting them to make sure to sign it as a SAN certificate.
#. Take the file that they send back, save it as ``signed.crt``
#. Combine the ``private.key file`` with ``signed.crt``:

   Run **cat private.key signed.crt > complete.cert**
#. Upload the ``complete.cert`` file to the VOSS-4-UC system using **sftp** or **scp**.
   The file will be added to the ``media/`` directory, for example: ``media/complete.cert``
#. On the VOSS-4-UC system, run **web cert add_san media/complete.cert**



.. |VOSS-4-UC| replace:: VOSS-4-UC
.. |Unified CM| replace:: Unified CM