Create SAN certificate from list.txt


#1

Hi Guys,

I need to create a certificate which I can use on whatever I want using lots of domains as SAN.

Is it possible to generate one from a .txt or so and will this be usable on any device that supports SSL certificates? I’m not sure if a client is that needed on a device where the cert is used.

Thanks for the great product!


#2

Yes; I’m building a tool that lets you issue domains in bulk from a text file: https://github.com/mholt/certs (note that this is still incomplete, but I’ve already used it with success to generate certificates).

It’s not production-ready yet, but basically you have a CSV file with one certificate per line, and up to 100 names per line. Each line is thus a SAN certificate.

Right now it has to be run on the machine that the domains point to, but as soon as DNS challenge is implemented you can run from anywhere as long as you have credentials for a supported DNS provider and the domains are served by that DNS provider.


#3

My client, acmetool, lets you bulk names into certificates however you like.

# Certificate 1
acmetool want example.com www.example.com example.net www.example.net
# Certificate 2
acmetool want abc.foo www.abc.foo example.com www.example.com
# Find the right certificate for a hostname.
cat /var/lib/acme/live/www.example.com/{cert,chain,privkey}

The configuration files are YAML/JSON if you prefer to generate them programmatically:

cat <<END >/var/lib/acme/desired/target1
satisfy:
  names:
    - example.com
    - www.example.com
END
acmetool
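
The bulk workflow discussed in this thread, as an added example that is not part of any post and is not code from acmetool or certs: it reads a names list, validates every hostname before it is written into a config file, and produces one target file in the satisfy/names shape shown above per group of at most 100 names. The list format, the `bulk` file prefix and all function names are assumptions.

```python
import re
import tempfile
from pathlib import Path

MAX_NAMES = 100  # names per certificate, the per-line limit mentioned in the thread
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME = re.compile(rf"(?:{_LABEL}\.)+{_LABEL}")

def parse_names(text):
    """Validated, de-duplicated hostnames (assumed: comma/space separated, '#' comments)."""
    names, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        for token in re.split(r"[,\s]+", raw.split("#", 1)[0].strip()):
            name = token.lower().rstrip(".")
            if not name:
                continue
            # Reject anything that is not a plain hostname, so list content
            # can never add YAML structure to the generated file.
            if len(name) > 253 or not _HOSTNAME.fullmatch(name):
                raise ValueError(f"line {lineno}: invalid hostname {token!r}")
            if name not in seen:
                seen.add(name)
                names.append(name)
    return names

def batches(names, size=MAX_NAMES):
    """Split the list into groups that each fit in one SAN certificate."""
    return [names[i:i + size] for i in range(0, len(names), size)]

def render_target(names):
    """YAML with the satisfy/names keys shown above; names are quoted strings."""
    return "satisfy:\n  names:\n" + "".join(f'    - "{n}"\n' for n in names)

def write_targets(text, out_dir, prefix="bulk"):
    """Write one target file per batch and return the paths."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for i, group in enumerate(batches(parse_names(text)), 1):
        path = out / f"{prefix}{i}"
        path.write_text(render_target(group))
        paths.append(path)
    return paths

if __name__ == "__main__":
    sample = "example.com, www.example.com\nexample.net www.example.net  # constructed\n"
    with tempfile.TemporaryDirectory() as d:  # not the real acmetool state directory
        for p in write_targets(sample, d):
            print(p.name, p.read_text(), sep="\n")
```

Review the generated files before copying them into the directory acmetool reads, since each one becomes a certificate request for every name it lists.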

#4

Can your tool work with different webroots?

So I say

bla.com,ssl.bla.com,bla2.com,ssl.bla2.com -> /var/www/htdocs
secure.bla.com,secure.bla2.com -> /var/www/sdocs
protected.bla.com,protected.bla2.com -> /var/www/pdocs

All in 1 cert?

Assuming the domains all point to the target machine.