(Real CA's care a lot about the final cert's Subject and Extensions, blindly copying the extensions could be a security problem, so OpenSSL makes this explicit). SAN(Subject Alternative Name)でのマルチドメイン用の秘密鍵と証明書署名要求(CSR)を作成します。 openssl genrsa -out /tmp/server_key.pem 1024 openssl req -new -key /tmp/server_key.pem -out /tmp/server_req.pem State or Province Name (full name) []:Osaka Add an subject alternative name to SSL certificate with openssl Dr. Xi. $ echo|openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -text | grep "Subject Alternative Name" -A2 | grep -Eo "DNS:[a-zA-Z 0-9. [[email protected] serverAuth]# openssl req -extensions v3_req -new -newkey rsa:4096 -keyout server.key -nodes -x509 -days 365 -out server.csr The Subject Alternative Name (SAN) is an extension to the X.509 specification that allows users to specify additional host names for a single SSL certificate. b9:af:43:f2:91:f9:04:85:e8:f6:92:81:4c:c6:bc:bf:23:5d: ブログを報告する, Kubernetesについて見ていると、時々出てくるkube-systemという…, これは、なにをしたくて書いたもの? Infinispan Serverを、OKD…, Apache 2.2.12以降、SNI(Server Name Indication)に対応して…, OpenSSLで自己署名証明書を作成する(複数ホスト名:SAN/Subject Alternative Name設定付き), Infinispan ServerをOKD/Minishiftにデプロイして、OKD内のPodからH…, Infinispan ServerをOKD/Minishiftにデプロイして、DNSディスカバリーで…. 99:7b:97:01:21:24:8e:65 The use of the SAN extension is standard practice for SSL certificates, and it’s on its way to replacing the use of the common name.. SAN certificates. Signature Algorithm: sha256WithRSAEncryption I had all sorts of fun today trying to get Subject Alternative Names working with my OpenSSL Apache server. .........................................................................................................................................................++ 1b:79:83:43:67:b2:3e:a4:91:cb:a1:b5:8f:6a:0e: X509v3 Subject Alternative Name: DNS:binfalse.de To quick-check one of your websites you may want to use the following grep filter: openssl s_client -showcerts-connect binfalse.de:443