Comments on: How To Generate SSL Key, CSR and Self Signed Certificate For Apache

By: Vimuth

Vimuth — Mon, 15 Mar 2010 09:22:05 +0000

Im still counting on your reply Mr Ramesh! Thanks

By: Vimuth

Vimuth — Thu, 11 Mar 2010 18:11:23 +0000

Thank you loads for the great post. Can you please advice me as to how I should use go about using the same certificate on 2 apache servers(fail over) For an instance say my primary httpd server is box1.mynet.jazz and the second one is box2.mynet.jazz. I want to use the same certificate on the box2. Am I suppose to copy the .key and the .crt files from primary(box1) on to the same location or should I generate the certificate with a different approach. I look forward to bring this concept on to my production environment so please try to advice. Much appreciated if the steps are mentioned clearly.

By: Joe Doe

Joe Doe — Tue, 09 Mar 2010 06:59:56 +0000

“use *.mydomain.com for the common name to create a certificate for multiple sub-domains”

Does this then also applies for https://mydomain.xyz – without any subdomain?

By: Ramesh Natarajan

Ramesh Natarajan — Wed, 15 Jul 2009 03:56:25 +0000

@Orlin, Regarding your question: How to create a self-signed SSL certificates for multiple domains?

When you say multi-domain, are you talking about a wildcard certificates for subdomains? i.e Same SSL certificate for dev.mydomain.com, test.mydomain.com, prod.mydomain.com? If yes, while creating the certificate using openssl, use *.mydomain.com for the common name to create a certificate for multiple sub-domains.

By: Orlin

Orlin — Mon, 13 Jul 2009 08:20:03 +0000

Hi good one,

any info how I can make Self Signed certificate for multi domain.
Because I have couple of web sites hosted on my server and I want to use this certificate for all of them I have found some how-toes but all of the are not working or incomplete or theya re talking about totaly different aproaches like to add in /etc/ssl/openssl.cfg:

0.commonName ….
and then
1.commonName…
2.commonName…

or the other thing is to add alter names
any ideas?

Thank

By: Ramesh Natarajan

Ramesh Natarajan — Thu, 09 Jul 2009 00:49:26 +0000

@Aldo, Thanks for bringing CACert.org to our attention. @thanhdat, Thanks for the mention of the a2enmod ssl. I believe all the a2* commands (a2ensite, a2dissite, a2enmod, a2dismod) are for distros based on Debian? Is that correct? @Vimal, Thanks for your feedback. I appreciate it. @Zeke, I'm glad it worked out for you. Like Aldo mentioned you can get free certificate from CACert.org also.

By: Zeke Krahlin

Zeke Krahlin — Wed, 08 Jul 2009 17:04:15 +0000

Thanks for the SSL tips…however, in this article you emailed to subscribers, is also included a Google advertisement at the end, called “Do Not Buy SSL”. So I went to the linked page and sho nuff: I can get top notch SSL service absolutely free, from Comodo. If it weren’t for that little ad (and if it weren’t for my subscription to your list) I would have assumed by your article, that you must always pay for SSL.

By: Vimal

Vimal — Wed, 08 Jul 2009 16:20:53 +0000

Well written and easy to understand. I had been though this before and always found it confusing at some point or other.

By: thanhdat

thanhdat — Wed, 08 Jul 2009 15:31:19 +0000

Great post, Just a litte comment: I think we should enable mod_ssl for apache using “a2enmod ssl” and if you have time, please show us how to apply the cert to a website. Thanxxxxxx

By: aldo

aldo — Wed, 08 Jul 2009 15:18:27 +0000

Get a Valid free SSL Certificate with CAcert