Own Web Certificate Setup#

The steps below provide and example of own private certificate and generated Subject Alternative Name (SAN) certificate setup as summarized in Web Certificate Setup Options.

See also:

Note

The Subject Alternative Name (alt_names) field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SAN Certificate.

  1. Log into a system that has the openssl command set up.

  2. Create a bash script file with contents as for example below.

    Note

    This is an example, and not necessarily comprehensive. Refer to OpenSSL documentation for details.

    openssl req -new -sha256 -nodes -out cert.csr -newkey rsa:4096 -keyout private.key -config <(
    cat <<-EOF
    [req]
    default_bits = 2048
    prompt = no
    default_md = sha256
    req_extensions = req_ext
    distinguished_name = dn
    
    [ dn ]
    C=<Country code>
    ST=<County/State>
    L=<City>
    O=<Orginization>
    OU=<Org Unit>
    emailAddress=<admin email address>
    CN = <Main DNS Name>
    
    [ req_ext ]
    subjectAltName = @alt_names
    
    [ alt_names ]
    DNS.1 = <Alternate name 1>
    DNS.2 = <Alternate name 2>
    IP.1 = <Alternate IP 1>
    
    ... you can add more below ...
    EOF
    )
    
  3. Edit the sections in < > brackets.

  4. Run bash <scriptfile from above>

  5. Send the file called cert.csr to your CA, requesting them to make sure to sign it as a SAN certificate.

  6. Take the file that they send back, save it as signed.crt

  7. Combine the private.key file with signed.crt:

    Run cat private.key signed.crt > complete.cert

  8. Upload the complete.cert file to the VOSS Automate system using sftp or scp. The file will be added to the media/ directory, for example: media/complete.cert

  9. On the VOSS Automate system, run web cert add_san media/complete.cert