Generate a self-signed multiple domain (UCC) SSL certificate

• Option 1: using openssl
• Find openssl.cnf

  sudo find / | grep openssl.cnf

• On Mac OS X, it is /System/Library/OpenSSL/openssl.cnf
• On Ubuntu Linux, it is /usr/lib/ssl/openssl.cnf
• Make a copy of openssl.cnf to /tmp/openssl.cnf

  cp /usr/lib/ssl/openssl.cnf /tmp/openssl.cnf

• Edit /tmp/openssl.cnf and append following line in [v3_ca] section:

  [v3_ca]
  ... ... ...
  subjectAltName = @alternate_names
  

  then append [alternate_names] section:

  [alternate_names]
  DNS.1 = mediaflux.localhost
  DNS.2 = daris.localhost
  

  Also, modify

  copy_extensions = copy
  

  It ensures the SANs are copied into the certificate.
• Generate private key:

  openssl genrsa -out private.key 3072 -nodes openssl req -new -x509 -key private.key -sha256 -config /tmp/openssl.cnf -out public.crt -days 730 -subj "/C=AU/ST=Victoria/L=Melbourne/O=W/OU=WL/CN=localhost"

• Option 2: using Java keytool

• keytool -selfcert -genkeypair -keystore /tmp/certs -alias mflux -storepass password -keyalg "RSA" -validity 3650 -dname "cn=localhost, ou=WL, o=W, l=Melbourne, st=Victoria, c=AU" -ext san=dns:daris.localhost,dns:mediaflux.localhost

---

see also

• Creating a SubjectAltName (SAN/UCC) CSR
• Multiple domain names on one SSL certificate(Generate UCC request file)
• Openssl SubjectAltNames
• How can I generate a self-signed certificate with SubjectAltName using OpenSSL?
• How to generate multi-domain (UCC) certificate in Java?