Parliament Hill Computers Ltd

Understanding and generating OpenSSL.cnf files


OpenSSL.cnf files

Why are they so hard to understand?

The documentation is poor, there are too many ways of doing the same thing, and the examples are overly complex for the purpose of simple web servers.

Learning from that, we have a simple, commented template that you can edit. It is in the directory SSLConfigs.

Creating your first some-domain.cnf

Decide on a name for the certificate family, e.g. my-family. A family is a set of related web sites. In the example below www.phcomp.co.uk, www4.phcomp.co.uk, etc. are all in one family. The point about a family is that all its sites share one certificate.

Copy EXAMPLE.cnf to a meaningful name, e.g. my-family.cnf

Modify the 7 lines that start at countryName=. What we put is:

	countryName=            UK
	stateOrProvinceName=    Hertfordshire
	localityName=           Watford
	organizationName=       Parliament Hill Computers
	organizationalUnitName= Web Server
	commonName=             www.phcomp.co.uk
	emailAddress=           addw@phcomp.co.uk
     

If you have more than one web site address, then you need to put them in the alt_names section at the bottom. You can put up to 99 extra names. What we put included:

	DNS.1 = www4.phcomp.co.uk
	DNS.2 = ipv6.phcomp.co.uk
	DNS.3 = ipv4.phcomp.co.uk
	DNS.4 = test.phcomp.co.uk
     

If you do not have any, then comment out the line that references the section:

     # subjectAltName = @alt_names
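
The rule above is easy to get backwards, so here is a small check, added as an example and not taken from this site's scripts or EXAMPLE.cnf: it reads the text of a .cnf file and reports when the subjectAltName line and the alt_names section disagree. The sample file and the section names req and v3_req are assumptions, and quoting and variable expansion are not handled.

```python
import re

# Constructed sample in the layout the page describes; it is not the site's EXAMPLE.cnf.
SAMPLE = """\
[ req ]
req_extensions = v3_req

[ v3_req ]
# subjectAltName = @alt_names

[ alt_names ]
DNS.1 = www4.phcomp.co.uk
DNS.2 = ipv6.phcomp.co.uk
"""

def parse_cnf(text):
    """Return {section: {key: value}} for active lines only; '#' starts a comment."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def check_alt_names(text):
    """Report mismatches between the subjectAltName line and the names section."""
    cnf = parse_cnf(text)
    problems = []
    refs = [v[1:] for s in cnf.values() for k, v in s.items()
            if k == "subjectAltName" and v.startswith("@")]
    for name in refs:
        dns = [v for k, v in cnf.get(name, {}).items() if k.startswith("DNS.")]
        if not dns:
            problems.append(f"subjectAltName points at [{name}] but it has no DNS.N entries")
        if len(dns) != len(set(dns)):
            problems.append(f"[{name}] lists the same host name twice")
    if not refs and any(k.startswith("DNS.") for k in cnf.get("alt_names", {})):
        problems.append("[alt_names] has entries but subjectAltName is commented out")
    return problems
```

Run check_alt_names on the contents of my-family.cnf before generating the certificate request; an empty list means the reference and the section agree.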
     

Complete example

Here is a complete example ssl.cnf file.

