Own Web Certificate Setup¶
The steps below provide and example of own private certificate and generated Subject Alternative Name (SAN) certificate setup as summarized in Web Certificate Setup Options.
Note
The Subject Alternative Name (alt_names
) field lets you specify additional host names
(sites, IP addresses, common names, etc.) to be protected by a single SAN Certificate.
Log into a system that has the openssl command set up.
Create a bash script file with contents as below:
openssl req -new -sha256 -nodes -out cert.csr -newkey rsa:4096 -keyout private.key -config <( cat <<-EOF [req] default_bits = 2048 prompt = no default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] C=<Country code> ST=<County/State> L=<City> O=<Orginization> OU=<Org Unit> emailAddress=<admin email address> CN = <Main DNS Name> [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = <Alternate name 1> DNS.2 = <Alternate name 2 … you can add more below, just inc DNS.2> EOF )
Edit the sections in
< >
brackets.Run bash <scriptfile from above>
Send the file called
cert.csr
to your CA, requesting them to make sure to sign it as a SAN certificate.Take the file that they send back, save it as
signed.crt
Combine the
private.key file
withsigned.crt
:Run cat private.key signed.crt > complete.cert
Upload the
complete.cert
file to the VOSS-4-UC system using sftp or scp. The file will be added to themedia/
directory, for example:media/complete.cert
On the VOSS-4-UC system, run web cert add_san media/complete.cert