@NeilJS
Last active March 2, 2023 20:20
Generate a self-signed SSL cert (VirtualBox Ubuntu): fix for the Chrome 58 requirement for subjectAltName / Subject Alternative Name
# Update refs to .example.com
sudo su
openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -new -out /etc/apache2/ssl/apache.crt -subj /C=GB/ST=London/L=London/O="Company Name"/OU=Team/CN=www.example.com -reqexts SAN -extensions SAN -config <(cat /usr/lib/ssl/openssl.cnf <(printf '[ SAN ]\nsubjectAltName=DNS:www.example.com,DNS:example.com,DNS:*.example.com'))
exit
sudo service apache2 restart
# On Windows, trust the certificate: save the new certificate from Chrome to the desktop (via DevTools > Security > View > Details > Copy to file; use the DER option)
# May need to delete any previously imported certificates via mmc (on Windows)
# Run mmc; add the Certificates snap-in; import from desktop to 'Trusted Root Certification Authorities' and also 'Other People'
# May need to clear Chrome history + SSLs (Settings > Network > Change proxy settings... > Content > Clear SSL state)
# -keyout /etc/apache2/ssl/apache.key may instead be -keyout /etc/ssl/private/www.example.com.key
# -out /etc/apache2/ssl/apache.crt may instead be -out /etc/ssl/certs/www.example.com.crt
# ^ Above two lines depend on path - this path may be defined in the vhosts file, eg: /etc/apache2/sites-available/example.ssl.conf
# - look for SSLCertificateFile and SSLCertificateKeyFile
# If there is no other location for ssl certificates, create an ssl folder: sudo mkdir /etc/apache2/ssl
# If the certificate still appears to be issued by ubuntu, the default-ssl.conf site is probably still enabled. Disable it: sudo a2dissite default-ssl.conf
# Links...
# https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
# http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl/27931596#27931596
Alt (vm2):
openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/www.example.com.key -new -out /etc/ssl/certs/www.example.com.crt -subj /C=GB/ST=London/L=London/O="Company Name"/OU=Team/CN=*.example.com -reqexts SAN -extensions SAN -config <(cat /usr/lib/ssl/openssl.cnf <(printf '[ SAN ]\nsubjectAltName=DNS:www.example.com,DNS:example.com,DNS:*.example.com'))
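Added example (not part of the original gist): the same kind of certificate built from a minimal standalone config instead of appending to /usr/lib/ssl/openssl.cnf, followed by a check that the subjectAltName entries Chrome 58+ requires are really in the issued certificate. The function names, the temp directory and the file names key.pem / cert.pem / req.cnf are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a self-signed cert from a minimal, self-contained
# config, then verify the SAN entries actually landed in the certificate.

# make_san_cert DIR CN SAN_LIST  -> writes DIR/key.pem and DIR/cert.pem
make_san_cert() {
  dir=$1 cn=$2 sans=$3
  cat > "$dir/req.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = san
prompt             = no
[ dn ]
CN = $cn
[ san ]
subjectAltName = $sans
EOF
  openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" \
    -config "$dir/req.cnf" >/dev/null 2>&1 || return 1
  chmod 600 "$dir/key.pem"   # private key readable by owner only
}

# cert_sans CERT -> one SAN entry per line, e.g. "DNS:example.com"
cert_sans() {
  openssl x509 -in "$1" -noout -text |
    awk '/Subject Alternative Name/ { getline; print }' |
    tr ',' '\n' | sed -e 's/^ *//' -e 's/ *$//'
}

# has_san CERT NAME -> exit 0 only on an exact DNS entry match
has_san() { cert_sans "$1" | grep -Fxq "DNS:$2"; }

# Demo with constructed names (example.com is a placeholder domain).
demo_dir=$(mktemp -d)
if make_san_cert "$demo_dir" www.example.com \
     'DNS:www.example.com,DNS:example.com,DNS:*.example.com'; then
  cert_sans "$demo_dir/cert.pem"
  has_san "$demo_dir/cert.pem" example.com && echo "SAN check passed"
fi
rm -rf "$demo_dir"
```

Running `cert_sans` against the file Apache serves (the SSLCertificateFile path) before importing it on Windows confirms the browser will see every hostname you expect.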