Comment: removed link

...

  1. Edit the OpenSSL configuration file: /etc/pki/tls/openssl.cnf
    1. In the section "[ req ]", add or uncomment this line:

      [ req ]
      req_extensions = v3_req


    2. Immediately below, add the following:

      [ v3_req ]
      subjectAltName = @alt_names
      
      [ alt_names ]
      DNS.1 = example.demo.sales.local
      DNS.2 = master.acme.org


    3. Add as many alternative names as needed to the alt_names section.
    4. (Optional) Set the other defaults as desired: countryName_default, localityName_default, ...
  2. Generate a private key: 

    openssl genrsa -des3 -out YOURDOMAIN.key 3072


  3. Generate a CSR with the newly created private key:

    openssl req -new -key YOURDOMAIN.key -out YOURDOMAIN.csr -config /etc/pki/tls/openssl.cnf -sha256


  4. Generate the final certificate:

    openssl x509 -req -sha256 -days 3650 -in YOURDOMAIN.csr -signkey YOURDOMAIN.key -out YOURDOMAIN.crt -extensions v3_req -extfile /etc/pki/tls/openssl.cnf


  5. Combine YOURDOMAIN.key and YOURDOMAIN.crt into a single YOURDOMAIN.pem file and configure HAProxy to use it.
  6. Restart the HAProxy service.
  7. From a Windows client or server, navigate to the secure URI with Chrome.
  8. At first, it will say it's an untrusted certificate. Download the certificate locally, then double-click it to install it.
  9. Restart the browser, and navigate to the secure URI. The browser should now accept the certificate.
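
A pre-flight check for steps 4 and 5, added here as an example and not part of the original page. Step 4 writes the alt_names into the certificate only through its `-extensions v3_req -extfile` arguments, so the script refuses to build the combined PEM when the certificate has no SAN entries or does not match the key. The function names `cert_sans`, `key_matches_cert` and `build_pem` are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight checks before the key and certificate are combined
# for HAProxy. Function names are illustrative, not from the original page.

# Print the DNS subjectAltName entries of a certificate, one per line.
# Prints nothing if the certificate has no SAN extension.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the private key ($1) and the certificate ($2) carry the
# same public key. A passphrase-protected key makes openssl prompt here.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build the combined PEM ($3) from key ($1) and certificate ($2), refusing if
# the pair does not match or the certificate lacks SAN entries.
build_pem() {
    key_matches_cert "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
    [ -n "$(cert_sans "$2")" ] || { echo "no subjectAltName DNS entries" >&2; return 1; }
    # Certificate first, then key (an ordering chosen for this example);
    # umask keeps the file unreadable by other users.
    ( umask 077; cat "$2" "$1" > "$3" )
}

# Usage: sh build_pem.sh YOURDOMAIN.key YOURDOMAIN.crt YOURDOMAIN.pem
if [ "$#" -eq 3 ]; then
    build_pem "$1" "$2" "$3" && cert_sans "$2"
fi
```

On success the script prints the DNS names the certificate actually carries, which should match the alt_names section from step 1.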

...