
How to Generate a CSR and Install a Multi-Domain SSL Certificate

by Bella

Introduction

Managing SSL certificates for multiple websites can be complicated and time-consuming, especially when each domain requires its own certificate. A Multi-Domain SSL certificate, also called a Subject Alternative Name (SAN) certificate or Unified Communications Certificate (UCC), makes this easier by letting you secure several domains with a single SSL certificate.

This method lowers the administrative burden and helps organizations manage SSL security more effectively. In this article, we will look at what a Multi-Domain SSL certificate is, how to create a CSR with Subject Alternative Names (SANs), and how to install the certificate for multiple domains on a cPanel server.

What is Multi-domain SSL?

A multi-domain certificate (also known as a SAN certificate or Unified Communications Certificate (UCC)) is a special type of SSL certificate. With a multi-domain certificate, you are able to secure one domain name with different domain extensions (e.g. domain.co.uk and domain.es) or multiple domain names (e.g. domain.co.uk and example.com) hosted on the same server using one SSL certificate.

Multi-domain certificates include the standard Subject Name field which supports a single primary service name, as well as an additional entry called the Subject Alternative Name field which supports the additional service names.

How to generate a SubjectAltName (SAN/UCC) CSR?

Generating a CSR for multi-domain SSL requires:

  • Modifying the OpenSSL configuration file and supplying the extra name information
  • Generating the CSR from the modified OpenSSL configuration file

>> Modifying the openssl configuration file

1. Make a copy of your initial openssl.cnf file

2. Open the configuration file /etc/pki/tls/openssl.cnf

a) Enable the extensions:

[req]
req_extensions = v3_req
(In the req section, this line should already exist, but be commented out.)

b) Add an entry in the v3_req section to collect the alternative names.

Edit the file and add under [v3_req]:

subjectAltName = DNS:www.domain1.com,DNS:www.domain2.com,DNS:www.domain3.com

OR

Edit as:

[ v3_req ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.domain1.com
DNS.2 = www.domain2.com
DNS.3 = www.domain3.com

You will need to set your alt_names section to the FQDNs you wish to use. If you need more, simply add “DNS.4 = otherdomain.com” and so on.
Once you have done that, save the file, then run openssl!

>> Generate a CSR based on the current configuration file

We can generate a CSR from the new OpenSSL configuration file as below:

# openssl req -new -nodes -out myreq.csr -config openssl.cnf

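When you run the command, it will ask you a series of questions, such as the Country Name, Organization Name, etc., to generate the CSR. Once the command runs successfully, we will have “myreq.csr” and the private key “privkey.pem” associated with the CSR. Because of the -nodes option, privkey.pem is written without passphrase encryption, so keep it readable only by its owner. Only the CSR is submitted to the certificate provider; the private key stays on the server.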
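The procedure above as a script, added here as an example and not part of the original article: it writes a standalone config (san.cnf, an assumed name) instead of editing the system openssl.cnf, generates the key and CSR, and checks that every expected name really appears in the CSR's subjectAltName before it goes to a provider. The function names are hypothetical and the domains are the article's placeholders.

```sh
#!/bin/sh
# Added example (not from the original article). File and function names
# are assumptions; the domains are the article's placeholder names.
# Usage: make_san_csr ./out www.domain1.com www.domain2.com
#        verify_csr_sans ./out/myreq.csr www.domain1.com www.domain2.com

# $1 = existing output directory, remaining args = FQDNs (first becomes the CN).
make_san_csr() (
    dir="$1"; shift
    umask 077        # config, CSR and unencrypted key: owner-only
    i=1
    {
        printf '[req]\nprompt = no\ndistinguished_name = dn\n'
        printf 'req_extensions = v3_req\n\n[dn]\nCN = %s\n\n' "$1"
        printf '[v3_req]\nsubjectAltName = @alt_names\n\n[alt_names]\n'
        for name in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$dir/san.cnf"
    openssl req -new -nodes -newkey rsa:2048 -config "$dir/san.cnf" \
        -keyout "$dir/privkey.pem" -out "$dir/myreq.csr"
)

# Print the DNS names in the CSR's subjectAltName extension, one per line.
csr_san_names() (
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
)

# $1 = CSR, remaining args = expected FQDNs; non-zero if any is missing.
verify_csr_sans() (
    csr="$1"; shift
    found="$(csr_san_names "$csr")"
    rc=0
    for name in "$@"; do
        if ! printf '%s\n' "$found" | grep -qxF -- "$name"; then
            echo "missing from CSR: $name" >&2
            rc=1
        fi
    done
    exit "$rc"
)
```

A CSR generated without req_extensions enabled contains no SAN entries at all, which verify_csr_sans reports as every name missing.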

How to install the certificate in multiple domains?

Now we can purchase the SSL certificate from any trusted third-party provider by submitting the generated CSR. When purchasing multi-domain SSL from a trusted provider, we will have the option to specify the primary domain name (www.domain1.com) and the Subject Alternative Names (www.domain2.com, www.domain3.com, etc.).

Once the multi-domain SSL certificate is issued, we can proceed with the normal procedure for installing SSL for the accounts from cPanel/WHM.

While multi-domain certificates are also useful when used to support unified communications deployments, there are some caveats for their use:

  • Multi-domain certificates do not support use of wildcard characters. For this reason, sub-domain names must be added as unique domain name entries in the certificate. Each time a new domain name is added, or an old one is removed, the certificate must be updated and re-deployed to each host server.

Given the ongoing shortage of IPv4 addresses, using a UCC SSL certificate seems increasingly attractive. This allows you to host multiple SSL domains using only a single IP address.

Conclusion

A Multi-Domain SSL certificate is a great option for securing multiple websites on the same server and simplifying certificate management. By using SAN entries, administrators can protect multiple domains and variations with a single SSL certificate. This approach lowers costs and simplifies the process.

To generate a SAN-enabled CSR, a few changes to the OpenSSL configuration file are necessary. However, after the certificate is issued, installation follows the usual SSL deployment steps in cPanel/WHM. Although Multi-Domain SSL certificates offer flexibility and more efficient use of IP addresses, administrators must remember to explicitly list each additional domain. They also need to update the certificate whenever domains are added or removed.
