
kobo-install / ssl

SSL

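# Self-signed certificate plus a new 2048-bit RSA key for nginx, valid 365 days.
# No -subj is given, so openssl prompts for the subject fields interactively.
# -nodes (spelled -noenc in OpenSSL 3.x) writes the private key unencrypted so
# nginx can start without a passphrase; file permissions are then the only
# protection the key has.
# This command passes no subjectAltName extension. Current browsers match host
# names against SAN rather than CN, so use the SAN variants on this page for
# anything a browser has to trust.
# The chmod keeps the key owner-only regardless of umask or OpenSSL version.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout ~/src/ssl/nginx.key \
  -out ~/src/ssl/nginx.crt &&
  chmod 600 ~/src/ssl/nginx.key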

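# Self-signed certificate carrying a subjectAltName (SAN) extension.
# The system config is copied, a [ subject_alt_name ] section is appended to the
# copy, and -extensions selects that section for the certificate.
# mktemp gives the working copy an unpredictable name and owner-only mode; a
# fixed /tmp/openssl.cnf lives in a directory shared with every local user.
# -days 365 matches the other commands on this page; without -days, openssl req
# issues a certificate that is valid for only 30 days.
# Clients that honour SAN ignore the CN, so every host name the certificate must
# cover belongs in subjectAltName (the CN below is only a placeholder subject).
# -nodes leaves the key unencrypted, hence the chmod on the key file.
cfg=$(mktemp "${TMPDIR:-/tmp}/openssl-san.XXXXXX") &&
  cp /etc/ssl/openssl.cnf "$cfg" &&
  printf '%s\n' \
    '[ subject_alt_name ]' \
    'subjectAltName = DNS:kc.unhcr.org, DNS:enketo.unhcr.org' >> "$cfg" &&
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -config "$cfg" \
    -extensions subject_alt_name \
    -keyout www.example.com.key \
    -out www.example.com.pem \
    -subj '/C=XX/ST=XXXX/L=XXXX/O=XXXX/OU=XXXX/CN=www.example.com/emailAddress=postmaster@example.com' &&
  chmod 600 www.example.com.key
# Remove the working copy whether or not the steps above succeeded.
[ -n "$cfg" ] && rm -f -- "$cfg"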
or
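# Same self-signed SAN certificate, but read from a config kept in the current
# directory. ./openssl.cnf must already contain the [ subject_alt_name ] section
# that -extensions refers to; the file itself is not shown on this page.
# -nodes writes the private key unencrypted, so the chmod keeps it owner-only
# regardless of umask or OpenSSL version.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -config ./openssl.cnf \
  -extensions subject_alt_name \
  -keyout ~/src/ssl/kobo.unhcr.org.key \
  -out ~/src/ssl/kobo.unhcr.org.crt \
  -subj '/C=CH/ST=Geneva/L=Geneva/O=UNHCR/OU=DIST/CN=kobo.unhcr.org/emailAddress=quintoe@unhcr.org' &&
  chmod 600 ~/src/ssl/kobo.unhcr.org.key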
Check that the Subject Alternative Name extension lists the expected host names: openssl x509 -in ~/src/ssl/kobo.unhcr.org.crt -text -noout

CSR Generation

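# Generate a 2048-bit RSA key, then a certificate signing request (CSR) for it.
# genrsa is given no cipher option, so the key is written unencrypted into the
# current directory; the chmod keeps it owner-only regardless of umask or
# OpenSSL version. Only the .csr goes to the CA; the .key stays on this host.
# NOTE(review): openssl-SAN.cnf is not shown on this page. Presumably it supplies
# the subject (no -subj is given) and requests the SAN extension through
# req_extensions (no -reqexts is given); confirm with the check command.
openssl genrsa -out SAN.unhcr.org.key 2048 &&
  chmod 600 SAN.unhcr.org.key &&
  openssl req -new -key SAN.unhcr.org.key -out SAN.unhcr.org.csr -config openssl-SAN.cnf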
Check that the CSR carries the requested Subject Alternative Name extension: openssl req -noout -text -in SAN.unhcr.org.csr

Self-signed certificate

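# Self-signed SAN certificate built from openssl-SAN.cnf, valid 365 days.
# -extensions subject_alt_name requires a [ subject_alt_name ] section in that
# config; the file itself is not shown on this page.
# NOTE: -newkey generates a fresh key and -keyout overwrites any existing
# ~/src/ssl/SAN.unhcr.org.key. If the CSR from the previous section was created
# in that directory, its key is replaced and a CA-issued certificate for that
# CSR will no longer match. To self-sign with the existing key instead, pass it
# with -key and drop -newkey/-keyout.
# -nodes writes the private key unencrypted, so the chmod keeps it owner-only
# regardless of umask or OpenSSL version.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -config ./openssl-SAN.cnf \
  -extensions subject_alt_name \
  -keyout ~/src/ssl/SAN.unhcr.org.key \
  -out ~/src/ssl/SAN.unhcr.org.crt \
  -subj '/C=CH/ST=Geneva/L=Geneva/O=UNHCR/OU=DIST/CN=kobo.unhcr.org/emailAddress=SSLCertificates@unhcr.org' &&
  chmod 600 ~/src/ssl/SAN.unhcr.org.key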

Check (run from ~/src/ssl, where the certificate was written): openssl x509 -text -noout -in SAN.unhcr.org.crt
