Using certool to generate CSRs that include multiple DNS names for one host

Article ID: 316589

Updated On:

Products

VMware vCenter Server
VMware vSphere ESXi

Issue/Introduction

Servers might be reached through multiple DNS names, for example, during server migration or for backward compatibility. If you specify multiple host names in the certool.cfg file, you avoid warnings or errors later.

Environment

VMware vCenter Server 6.0.x
VMware vSphere ESXi 6.0
VMware vCenter Server Appliance 6.0.x

Resolution

To generate a CSR for a host that might be reachable through multiple DNS names:
  1. Create a copy of certool.cfg, rename it, for example to certool_acme.cfg, and include multiple comma-separated host names, for example:
    Hostname = server.domain.local,server.domain2.local
  2. Run certool to generate the CSR. Because of an issue with --gencert, use --initcsr, as follows:
    certool --initcsr --privkey=priv.key --pubkey=pub.key --csrfile=csr.csr --config=certool_acme.cfg
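
A check that can follow step 2, as an added example that is not part of the VMware article: it compares the names on the Hostname line of the config with the DNS entries found in a text dump of the CSR (for example from `openssl req -in csr.csr -noout -text`). It assumes certool writes each name as a subjectAltName DNS entry; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not VMware code. Assumption: each name on the Hostname line
# ends up in the CSR as a subjectAltName DNS entry.

# Print the names from the "Hostname = a,b" line of a certool config,
# one per line, lowercased, whitespace stripped.
cfg_hostnames() {
    sed -n 's/^[[:space:]]*Hostname[[:space:]]*=//p' "$1" |
        tr ',' '\n' | tr -d ' \t\r' | tr '[:upper:]' '[:lower:]' |
        grep -v '^$' | sort -u
}

# Read the text dump of a CSR on stdin and print its SAN DNS names.
csr_dns_names() {
    grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://' |
        tr '[:upper:]' '[:lower:]' | sort -u
}

# Print config names that are absent from the CSR; return 1 if any are missing.
# $1 = certool config file, $2 = file holding the text dump of the CSR
missing_from_csr() {
    _csr=$(csr_dns_names < "$2")
    # -F: literal match (dots are not wildcards), -x: whole line, -v: invert
    _missing=$(cfg_hostnames "$1" | grep -Fxv -e "$_csr" || true)
    if [ -z "$_missing" ]; then
        return 0
    fi
    printf '%s\n' "$_missing"
    return 1
}

# Constructed sample data: the config from step 1 and a trimmed CSR dump that
# carries only the first name, so the second one is reported as missing.
demo_dir=$(mktemp -d)
printf 'Hostname = server.domain.local,server.domain2.local\n' \
    > "$demo_dir/certool_acme.cfg"
printf '    X509v3 Subject Alternative Name:\n        DNS:server.domain.local\n' \
    > "$demo_dir/csr.txt"
if missing_from_csr "$demo_dir/certool_acme.cfg" "$demo_dir/csr.txt" \
    > "$demo_dir/missing.txt"; then
    echo "all configured names are in the CSR"
else
    echo "names missing from the CSR:"
    cat "$demo_dir/missing.txt"
fi
rm -rf "$demo_dir"
```
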
For translated versions of this article, see:
日本語: 1 台で複数の DNS 名を持っているホストの CSR を certool を使用して生成する方法 (2111646)