.. _own_web_certificate_setup:

Own Web Certificate Setup
-------------------------


.. _12.5(1)|DOC-181:
.. _19.1|DOC-181:

The steps below provide an example of setting up
your own private certificate and a generated Subject Alternative Name (SAN) certificate,
as summarized in :ref:`web_certificate_setup_options`.

See also:

* :ref:`set_up_a_web_certificate`
* :ref:`convert_web_certificates_from_P7B_to_PEM_Format`


.. note::
   The Subject Alternative Name (``alt_names``) field lets you specify additional host names
   (sites, IP addresses, common names, etc.) to be protected by a single SAN Certificate.

1. Log in to a system that has the **openssl** command set up.
#. Create a bash script file with contents such as the example below.
   
   .. note::
     
      This is an example, and not necessarily comprehensive. Refer to OpenSSL documentation for details.

   ::
   
      # -nodes writes private.key unencrypted; restrict read access to it.
      openssl req -new -sha256 -nodes -out cert.csr -newkey rsa:4096 -keyout private.key -config <(
      cat <<-EOF
      [req]
      # default_bits is overridden by -newkey rsa:4096 on the command line
      default_bits = 2048
      prompt = no
      default_md = sha256
      req_extensions = req_ext
      distinguished_name = dn
      
      [ dn ]
      C=<Country code>
      ST=<County/State>
      L=<City>
      O=<Organization>
      OU=<Org Unit>
      emailAddress=<admin email address>
      CN = <Main DNS Name>
      
      [ req_ext ]
      subjectAltName = @alt_names
      
      [ alt_names ]
      DNS.1 = <Alternate name 1>
      DNS.2 = <Alternate name 2>
      IP.1 = <Alternate IP 1>
      
      # ... you can add more DNS.n / IP.n entries here ...
      EOF
      )


#. Edit the sections in ``< >`` brackets.
#. Run **bash <scriptfile from above>**.
#. Send the file called ``cert.csr`` to your CA, and ask them to make sure it is signed as a SAN certificate.
#. Take the file that they send back and save it as ``signed.crt``.
#. Combine the ``private.key`` file with ``signed.crt``:

   Run **cat private.key signed.crt > complete.cert**

#. Upload the ``complete.cert`` file to the VOSS Automate system using **sftp** or **scp**.
   The file will be added to the ``media/`` directory, for example: ``media/complete.cert``
#. On the VOSS Automate system, run **web cert add_san media/complete.cert**
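
Two checks fit naturally around the steps above: confirm that the SAN entries made it into ``cert.csr`` (and into the returned ``signed.crt``), and confirm that ``signed.crt`` belongs to ``private.key`` before combining them. The script below is an added example, not part of the original procedure or of VOSS Automate; the function names, the ``example.test`` host names and the ``192.0.2.10`` address are assumptions made for illustration, and the self-signing step only stands in for the CA so that the checks have files to run on.

```bash
#!/usr/bin/env bash
# Added example, not VOSS code. All names and addresses are constructed.

# List the SAN entries of a CSR ($1 = req) or certificate ($1 = x509) in file $2.
list_sans() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null \
        | grep -A1 'Subject Alternative Name' | tail -n 1 \
        | tr ',' '\n' | sed 's/^ *//'
}

# Succeed only if every expected SAN (args 3..n) is present in file $2.
has_sans() {
    _found=$(list_sans "$1" "$2"); shift 2
    for _want in "$@"; do
        printf '%s\n' "$_found" | grep -qxF -- "$_want" \
            || { echo "missing SAN: $_want" >&2; return 1; }
    done
}

# Succeed only if certificate $1 carries the public key of private key $2.
cert_matches_key() {
    _c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    _k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$_c" ] && [ "$_c" = "$_k" ]
}

# Create throwaway files in directory $1. Self-signing stands in for the CA
# only so that the checks have a signed.crt to inspect.
make_demo_files() {
    printf '%s\n' '[req]' 'prompt = no' 'req_extensions = req_ext' \
        'distinguished_name = dn' '[dn]' 'CN = automate.example.test' \
        '[req_ext]' 'subjectAltName = @alt_names' '[alt_names]' \
        'DNS.1 = alt.example.test' 'IP.1 = 192.0.2.10' > "$1/req.cnf"
    openssl req -new -sha256 -nodes -newkey rsa:2048 -keyout "$1/private.key" \
        -out "$1/cert.csr" -config "$1/req.cnf" 2>/dev/null &&
    openssl x509 -req -in "$1/cert.csr" -signkey "$1/private.key" -days 1 \
        -extfile "$1/req.cnf" -extensions req_ext -out "$1/signed.crt" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_files "$demo" &&
has_sans req "$demo/cert.csr" "DNS:alt.example.test" "IP Address:192.0.2.10" &&
has_sans x509 "$demo/signed.crt" "DNS:alt.example.test" "IP Address:192.0.2.10" &&
cert_matches_key "$demo/signed.crt" "$demo/private.key" &&
echo "CSR and certificate checks passed"
```

Against real files, call ``has_sans req cert.csr ...`` before sending the CSR, then ``has_sans x509 signed.crt ...`` and ``cert_matches_key signed.crt private.key`` once the CA returns the certificate.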



.. |VOSS Automate| replace:: VOSS Automate
.. |Unified CM| replace:: Unified CM
