Adobe Connect 8 SSL – Certificate Signing Request for multiple domains

by kai on 10/09/2012



This is part 3 of a mini-series of posts about Adobe Connect 8 and SSL. It was never actually intended to be a series of posts; it just grew into one – kind of organically.

In the last post I explained how to create a Certificate Signing Request (CSR) for Adobe Connect 8 SSL when you are dealing with an internal Certificate Authority. The process as outlined included a basic installation of OpenSSL for Windows, creating the CSR file, sending it to your CA and receiving the digital certificate back from them. Depending on what they provided, you had to convert the certificate between different formats.

There’s a slight variation of the process required if you want to create a CSR that covers multiple domain/server names. Let’s assume your Adobe Connect Server’s fully qualified domain name (FQDN) is: srv5463adc.company.com. Creating a CSR for that domain – fine, we know how that works. But what if there are DNS aliases so that users can also reach the server as: srv5463adc, adobeconnect.company.com and adobeconnect? Now our approach from the last post obviously hits a limit. The current (single FQDN) certificate will not prevent your users from using the DNS aliases, but they will be shown a very nasty warning message because the certificate on the server doesn’t match the name they requested.

So, we need to create a CSR that allows us to ask for multiple FQDNs. Here’s how that works with OpenSSL. Please note that I assume you have installed the 64-bit version of OpenSSL on Windows with the default setup:

1. In the OpenSSL install folder, go into the /bin subfolder and open openssl.cfg. Uncomment the following line by removing the “#” character in front of it.

Old:

# req_extensions = v3_req
# The extensions to add to a certificate request

New:

req_extensions = v3_req
# The extensions to add to a certificate request

2. Further down you’ll find a section starting with “[ v3_req ]”. Add the following line to it, all on one line (after replacing my sample FQDNs here with whatever you need):

subjectAltName=DNS:srv5463adc.company.com,DNS:srv5463adc,DNS:adobeconnect.company.com,DNS:adobeconnect

Save the file.

From here you can proceed with the approach as I’ve described it in the last post – run openssl to create your CSR and your certificate will now support multiple FQDNs.
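Before sending the CSR to your CA, it is worth confirming that the request really carries every name. The following is an added example, not part of the original post: it builds a CSR with the same req_extensions and subjectAltName settings and reads the names back with openssl req -text. It assumes a POSIX shell with openssl on the PATH and uses a minimal stand-alone config instead of the installed openssl.cfg; the file names san.cnf, server.key and server.csr and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build a multi-name CSR from a stand-alone config, then read
# the subjectAltName entries back out of it before it goes to the CA.

make_san_csr() {  # $1 = output directory (file names below are hypothetical)
  cat > "$1/san.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = srv5463adc.company.com

[ v3_req ]
subjectAltName = DNS:srv5463adc.company.com,DNS:srv5463adc,DNS:adobeconnect.company.com,DNS:adobeconnect
EOF
  # Throwaway 2048-bit key for the demonstration; -nodes leaves it unencrypted.
  openssl req -new -newkey rsa:2048 -nodes -config "$1/san.cnf" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
}

csr_san_names() {  # $1 = CSR file; prints one DNS name per line
  openssl req -in "$1" -noout -text |
    awk '/Subject Alternative Name/ {
           getline; gsub(/ /, ""); gsub(/DNS:/, ""); gsub(/,/, "\n"); print }'
}

csr_covers() {  # $1 = host name, $2 = CSR file; exit status 0 if listed
  csr_san_names "$2" | grep -qxF -- "$1"
}

# Demo run in a temporary directory.
demo_dir=$(mktemp -d)
make_san_csr "$demo_dir" || { echo "openssl req failed" >&2; exit 1; }
for name in srv5463adc.company.com srv5463adc adobeconnect.company.com adobeconnect; do
  if csr_covers "$name" "$demo_dir/server.csr"; then
    echo "covered: $name"
  else
    echo "MISSING: $name"
  fi
done
rm -rf "$demo_dir"
```

If a name shows up as MISSING, the usual cause is that req_extensions is still commented out or the subjectAltName value was broken across two lines in the config.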
