How to create SSL certificate with multiple Common Names

[Mr Spock]

Hi!

I'm new here, have deployed my first test server last week using the FOSS edition and I think Zimbra is a very good messaging solution!

Now, I have a problem here, have searched the forums, asked Google, but haven't found anything yet...

My server has a hostname as mail.example.org, so the automatically generated SSL certs have this FQDN as it's Common Name.

But it like to give this server other CNAME's in my DNS setup, things like imap.example.org, pop3.example.org and smtp.example.org.

But when I try this, my browser or mail client complains (obviously), as the cert CN is different from the name I'm using to access the server.

So, I'd like to know how I can create my SSL certs with all the names I want to give to my server.

[mackoftrack]

I'm bumping this. I have the same problem. Actually, all I really need to do is *change* the CN. Can this be done with a self-signed cert? I am really not interested in shelling out extra cash for a "commercial" cert. And I'm having trouble with browsers giving popups even after installing my cert. I assume this is due to mismatched hostnames.

Anyone?

Thanks

[tuanta]

You should reinstall the self-signed certificate, select "Replace the existing CSR" and add all your hostnames into "Subject Alternative Name".

Hope this helps.

[mackoftrack]

Quote:

Originally Posted by tuanta

You should reinstall the self-signed certificate, select "Replace the existing CSR" and add all your hostnames into "Subject Alternative Name".

Hope this helps.

I've done that, but IE7 still doesn't play nice. Anything else I can try? I'm already looking at DigiCert...

- Rafi

[tuanta]

I tested with IE6, IE7 and Firefox.
I think you were still wrong at the step adding all hostnames in to "Subject Alternative Name". This list should include the primary hostname of the ZCS.

However, please drop me an email to tuanta@iwayvietnam.com if you need any more support.

[nenicita]

when i create a open ssl certificate does not show me the option for alternative domain, i need to have this because my server has an alias mydomain.com my common name is MyDomain | Domain Names, Web Hosting, and Free Domain Services and when somebody try to use https://mydomain.com have an error that says ssl_error_bad_cert_domain and the cert is register just for MyDomain | Domain Names, Web Hosting, and Free Domain Services, please if you can say me this more detailed how to generate this certificate with both of my domains
Thanks

[tuanta]

Hi nenicita,

You need only one SSL certificate for the server which recognized as multiple common names, don't you?

You should consider to buy a "Wizard" SSL cert like this: True BusinessID Wildcard SSL Certificates - GeoTrust

Please do not hesitate to contact me (post to this forum or send me a private message/email) if you need any further assistance.

Rgds,
Tuan