Own Web Certificate Setup

The steps below provide and example of own private certificate and generated Subject Alternative Name (SAN) certificate setup as summarized in Web Certificate Setup Options.

Note

The Subject Alternative Name (alt_names) field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SAN Certificate.

  1. Log into a system that has the openssl command set up.

  2. Create a bash script file with contents as below:

    openssl req -new -sha256 -nodes -out cert.csr -newkey rsa:4096 -keyout private.key -config <(
    cat <<-EOF
    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    req_extensions = req_ext
    distinguished_name = dn
    
    [ dn ]
    C=<Country code>
    ST=<County/State>
    L=<City>
    O=<Orginization>
    OU=<Org Unit>
    emailAddress=<admin email address>
    CN = <Main DNS Name>
    
    [ req_ext ]
    subjectAltName = @alt_names
    
    [ alt_names ]
    DNS.1 = <Alternate name 1>
    DNS.2 = <Alternate name 2 … you can add more below, just inc DNS.2>
    EOF
    )
    
  3. Edit the sections in < > brackets.

  4. Run bash <scriptfile from above>

  5. Send the file called cert.csr to your CA, requesting them to make sure to sign it as a SAN certificate.

  6. Take the file that they send back, save it as signed.crt

  7. Combine the private.key file with signed.crt:

    Run cat private.key signed.crt > complete.cert

  8. Upload the complete.cert file to the VOSS-4-UC system using sftp or scp. The file will be added to the media/ directory, for example: media/complete.cert

  9. On the VOSS-4-UC system, run web cert add_san media/complete.cert