wildcard csr

Hi,

Sorry… I’m a newbie on this.
and have been searching the kb…but nothing gives me a clear explanation…

Basically I have a debian machine running apache with 1 ip. and it is hosting a mailserver with webmail installed…

let say… I have…

and

They all on the same physical server and ip address…

How do I generate the csr, so it can be used to authenticate both hostname…

can I use “*.secondsky.com” in the cn ? or use ip address in the cn… like. “192.168.1.1” ?

if I use only “secondsky.com”, can it authenticate the sub-domain ? I dont think so right ?

Thanks

Putting an IP address in a certificate is a very bad idea. What if your IP changes, then you’re left with something worthless. And I’m guessing that it would be rather difficult to find a CA that’s willing to sign such a cert.

There are two solutions for you. First, you could use a wildcard certificate as you suggest, and use “*.secondsky.com” as the subject. The downside here is that the CA will charge a lot for this. Alternatively, you could use the certificate’s Subject Alternative Names extension. How you go about creating this depends on how you make the cert, so look in the documentation. You’ll also need to check the CA to see how much extra they’ll charge for doing this.