Add an attribute DNS in the certificate


#1

Hi,

I wanna know how can I add a DNS attribute in my certificate ?

I created my certificate for my website : https://pydio.ch-nevers.fr and everything is working.
I want to add the attribute dns “pydio.chn1.ch-nevers.fr”.

Any Idea?

regards,
Malcolm


#2

Any change to a certificate would require the making of a new certificate.

Simply add the new FQDN to the last request - thus increasing it by that one name.
And receive a new cert with the new and old names in it.
Like this one (one cert with two names):

How did you obtain your current cert?

You will probably have to update the DNS entry for: pydio.chn1.ch-nevers.fr
As it currently does not resolve to an IP.


#3

Hi,

I tried to add the new fqdn and created a new certificate but the URL : pydio.chn1.ch-nevers.fr is not a public dns so I got this error message :

So, How add a subject alternative name ?

I got my certificate thanks to certbot (Debian 8, apache2).

Regards,

Malcolm


#4

There are three ways to authenticate cert requests.
But only one will work for sites that are not publicly accessible = DNS.

You will have to be able to update the DNS zone for that name (via an ACME client).
Essentially similar to obtaining a wildcard cert.
Read through this doc and see if your DNS provider is listed: https://certbot.eff.org/docs/using.html#dns-plugins
If not listed, there may be other clients that may work with your DNS provider.

Otherwise you may have to get very creative…
Like allowing Internet access to that name; but having it NOT actually reach that site. Just enough to get the authentication. But that would depend largely on how your systems are setup and separated from each other and the Internet.
One other method could be to only allow port 80 access from the Internet to that name and use that for the authentication. And use the new cert on port 443 but on an IP that is not even accessible from the Internet or on a completely separate server.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.