Own Web Certificate Setup

The steps below provide and example of own private certificate and generated Subject Alternative Name (SAN) certificate setup as summarized in Web Certificate Setup Options.

See also:

• VOSS Automate Setup a Web Certificate

• Convert Web Certificates from P7B to PEM Format

Note

The Subject Alternative Name (alt_names) field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SAN Certificate.

1. Log into a system that has the openssl command set up.

2. Create a bash script file with contents as for example below.

   Note

   This is an example, and not necessarily comprehensive. Refer to OpenSSL documentation for details.

   openssl req -new -sha256 -nodes -out cert.csr -newkey rsa:4096 -keyout private.key -config <(
   cat <<-EOF
   [req]
   default_bits = 2048
   prompt = no
   default_md = sha256
   req_extensions = req_ext
   distinguished_name = dn
   
   [ dn ]
   C=<Country code>
   ST=<County/State>
   L=<City>
   O=<Orginization>
   OU=<Org Unit>
   emailAddress=<admin email address>
   CN = <Main DNS Name>
   
   [ req_ext ]
   subjectAltName = @alt_names
   
   [ alt_names ]
   DNS.1 = <Alternate name 1>
   DNS.2 = <Alternate name 2>
   IP.1 = <Alternate IP 1>
   
   ... you can add more below ...
   EOF
   )
   

3. Edit the sections in < > brackets.

4. Run bash <scriptfile from above>

5. Send the file called cert.csr to your CA, requesting them to make sure to sign it as a SAN certificate.

6. Take the file that they send back, save it as signed.crt

7. Combine the private.key file with signed.crt:

   Run cat private.key signed.crt > complete.cert

8. Upload the complete.cert file to the VOSS Automate system using sftp or scp. The file will be added to the media/ directory, for example: media/complete.cert

9. On the VOSS Automate system, run web cert add_san media/complete.cert