UCC SAN SSL Certificate–GoDaddy/Azure
Introduction

Adding a sub-domain to a UCC SSL 5 certificate and revoking the existing SSL certificate.

Problem Statement:

We have a sub-domain called salesportal.mywebsite.com hosted on Windows Azure. salesportal.mywebsite.com has an SSL binding, but that SSL certificate has expired, and we want to revoke it and add the sub-domain to the UCC SSL 5 certificate from GoDaddy.

=> We have salesportal.mywebsite.com hosted on Windows Azure.
=> The SSL certificate was purchased from GoDaddy.

In our case we want to remove the standard certificate and add the sub-domain to the UCC 5 certificate. Follow the steps below to revoke the existing SSL certificate and add the sub-domain to the new SSL certificate.

Installation

To proceed with SSL, the first step is to download OpenSSL. This is open-source software that will help us create the CSR request. Download OpenSSL from the following link: http://indy.fulgan.com/SSL/

Generate CSR

Create CNF file for CSR

For more detail, visit the following URL: http://azure.microsoft.com/en-in/documentation/articles/web-sites-configure-ssl-certificate/

Let's understand how to apply an SSL certificate to multiple domains. Download the sample code from http://azure.microsoft.com/en-in/documentation/articles/web-sites-configure-ssl-certificate/#bkmk_subjectaltname

Example:

# -------------- BEGIN custom sancert.cnf -----
HOME = .
oid_section = new_oids
[ new_oids ]
[ req ]
default_days = 730
distinguished_name = req_distinguished_name
encrypt_key = no
string_mask = nombstr
req_extensions = v3_req # Extensions to add to certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default =
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default =
localityName = Locality Name (eg, city)
localityName_default =
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =
organizationName = Organization Name
organizationName_default =
commonName = Your common name (eg, domain name)
commonName_default = www.mydomain.com
commonName_max = 64
[ v3_req ]
subjectAltName=DNS:payments.mydomain.com,DNS:blog.mydomain.com
# -------------- END custom sancert.cnf -----

Note:
=> subjectAltName contains the sub-domain names. It can also contain the main domain name, for example www.crmonline.com.
=> The file starts with # -------------- BEGIN custom sancert.cnf -----

The above example can be tricky.

Problem statement 1:

We have a UCC SSL 5 certificate connected to payments.mywebsite.com and it is running. We are adding the salesportal.mywebsite.com domain to the UCC SSL 5 certificate. In that case your Common Name will be payments.mywebsite.com and subjectAltName will be salesportal.mywebsite.com.

Note: the common name is entered in the console window and subjectAltName is set in the cnf file.

Example:

# -------------- BEGIN custom sancert.cnf -----
HOME = .
oid_section = new_oids
[ new_oids ]
[ req ]
default_days = 730
distinguished_name = req_distinguished_name
encrypt_key = no
string_mask = nombstr
req_extensions = v3_req # Extensions to add to certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default =
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default =
localityName = Locality Name (eg, city)
localityName_default =
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =
organizationName = Organization Name
organizationName_default =
commonName = Your common name (eg, domain name)
commonName_default = www.mydomain.com
commonName_max = 64
[ v3_req ]
subjectAltName=DNS:salesportal.mywebsite.com
# -------------- END custom sancert.cnf -----

Problem Statement 2:

We have a UCC SSL 5 certificate connected to www.mywebsite.com and it is running. We are adding the salesportal.mywebsite.com domain to the UCC SSL 5 certificate. In that case your Common Name will be www.mywebsite.com and subjectAltName will be salesportal.mywebsite.com.

Please note: the common name is entered in the console window and subjectAltName is set in the cnf file.

Example:

# -------------- BEGIN custom sancert.cnf -----
HOME = .
oid_section = new_oids
[ new_oids ]
[ req ]
default_days = 730
distinguished_name = req_distinguished_name
encrypt_key = no
string_mask = nombstr
req_extensions = v3_req # Extensions to add to certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default =
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default =
localityName = Locality Name (eg, city)
localityName_default =
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =
organizationName = Organization Name
organizationName_default =
commonName = Your common name (eg, domain name)
commonName_default = www.mydomain.com
commonName_max = 64
[ v3_req ]
subjectAltName=DNS:salesportal.mywebsite.com
# -------------- END custom sancert.cnf -----

CSR Generation

Write the following command in the OpenSSL console window:

    req -new -nodes -keyout myserver.key -out server.csr -newkey rsa:2048 -config sancert.cnf

Note: sancert.cnf is the sample above. The myserver.key file is used later to generate the .pfx file.

Step 1:
=> Fill in the basic information such as country name, state, etc.
=> I entered the common name payments.mywebsite.com because the UCC SSL certificate was first associated with payments.mywebsite.com.
=> If you are creating a CSR request for the first time, the common name will be www.mywebsite.com.

If you want to check your CSR request, open the CSR file in Notepad, copy all of its contents and paste them into the following website: https://www.sslshopper.com/csr-decoder.html

Revoke Expired SSL Certificate (GoDaddy)

It is always better to revoke an SSL certificate after it has expired. Refer to the following URL for more support: https://support.godaddy.com/help/article/4747/revoking-an-ssl-certificate?countrysite=in

Log in to your GoDaddy account:

1. Click on SSL Certificate.
2. Click on Manage. You can see that the standard SSL certificate of one sub-domain is expired and another sub-domain has the standard UCC SSL 5 certificate.
We are going to add the expired sub-domain to the standard UCC SSL certificate.
3. Click View Status on the expired domain.
4. Click Confirm; after that the following window will appear.
5. Wait a few minutes and refresh the page. The certificate is expired successfully.
6. The following is the status of the certificate.

Add Domain to UCC 5 Certificate

Click on the domain which has the UCC 5 certificate. If you have just purchased the UCC 5 certificate, open that certificate and paste the CSR request (which also includes # -------------- BEGIN custom sancert.cnf -----# and # -------------- END custom sancert.cnf -----#). Then click on Manage.

To add a domain to the UCC 5 certificate, we first need to re-key that certificate. Copy and paste your CSR into the text box, then click Submit Changes; this submits your new CSR request to GoDaddy. A verification window will appear. Refresh this page and you can see that the new domain has been successfully added to this certificate.

Install certificate to Azure

Download the certificate from GoDaddy:
=> Select server type IIS and download the zip file.
=> The important file is the one with the .crt extension; ignore the other files contained in the zip.
=> Open OpenSSL with Run as administrator (running as administrator is important).

Type the following command in the command line:

    pkcs12 -export -out salesportal.pfx -inkey myserver.key -in 889d0fa6641ee566.crt

myserver.key is …
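The "Generate CSR" and "check your CSR" steps above can also be run and verified locally instead of pasting the request into a decoder website. The script below is an added example, not part of the original post: it assumes a POSIX shell with the openssl command-line tool, uses a reduced sancert.cnf with prompt = no so no console questions are asked, and its function names and temporary directory are illustrative.

```shell
#!/bin/sh
# Added example: create a SAN CSR without prompts, then check it offline.
# Hostnames come from the article; the temp directory layout is an assumption.

# make_san_csr DIR CN SAN[,SAN...] : writes sancert.cnf, myserver.key, server.csr
make_san_csr() {
    dir=$1; cn=$2
    # Prefix every comma-separated host with "DNS:" (no spaces, no trailing comma).
    san=$(printf '%s' "$3" | sed 's/[^,][^,]*/DNS:&/g')
    cat > "$dir/sancert.cnf" <<EOF
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[ req_distinguished_name ]
commonName = $cn
[ v3_req ]
subjectAltName = $san
EOF
    # -nodes leaves the key unencrypted, so keep it readable by the owner only.
    ( umask 077
      openssl req -new -nodes -newkey rsa:2048 -keyout "$dir/myserver.key" \
          -out "$dir/server.csr" -config "$dir/sancert.cnf" ) >/dev/null 2>&1
}

# csr_cn CSR : print the Common Name stored in the request
csr_cn() {
    openssl req -in "$1" -noout -subject 2>/dev/null |
        sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# csr_has_san CSR HOST : succeed only if HOST is listed as a DNS SAN
csr_has_san() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' | grep -Fqx "DNS:$2"
}

# key_matches_csr KEY CSR : succeed only if KEY is the key the CSR was made with
key_matches_csr() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo with the article's "Problem statement 1" names.
work=$(mktemp -d)
make_san_csr "$work" payments.mywebsite.com salesportal.mywebsite.com
echo "CN:  $(csr_cn "$work/server.csr")"
csr_has_san "$work/server.csr" salesportal.mywebsite.com && echo "SAN: present"
key_matches_csr "$work/myserver.key" "$work/server.csr" && echo "key: matches CSR"
rm -rf "$work"
```

Running key_matches_csr before the pkcs12 -export step catches a myserver.key that does not belong to the request that was submitted for the re-key.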
