Apologies for the minimalistic instructions, but this is how I do it using OpenSSL and Linux.
SSL SAN certificates are required when you want to assign multiple SSL sites to both a single IP address and a single SSL certificate.
# Copy the crap needed to your own ~
cp /etc/pki/tls/openssl.cnf ~/certwork
cp /etc/ca.* ~/certwork
vi ~/certwork/openssl.cnf
#Uncomment the following
req_extensions = v3_req
#Add Subject Alternate Names
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = myaccount.uat.austar.com.au
DNS.2 = tci.uat.austar.com.au
DNS.3 = imagelibrary.uat.austar.com.au
DNS.4 = onlinetv.uat.austar.com.au
DNS.5 = tvguide.uat.austar.com.au
[ v3_ca ]
# Create the certificate request
openssl req -new -config ~/certwork/openssl.cnf -key ~/certwork/ca.key -out gol-uatnet1.csr
# Get warm and fuzzy with certificate request confirming it contains your ALT names
openssl req -text -noout -in gol-uatnet1.csr
# Sign the certificate
openssl x509 -req -days 365 -extfile ~/certwork/openssl.cnf -extensions v3_req -in gol-uatnet1.csr -CA ~/certwork/ca.crt -CAkey ~/certwork/ca.key -CAcreateserial -out gol-uatnet1.cert
# Windows sucks when dealing with SAN certs so you need to create the following
openssl pkcs12 -export -in ~/certwork/gol-uatnet1.cert -inkey ~/certwork/ca.key -out gol-uatnet1.pfx -name "gol-uatnet1"
# Import PFX into Computer Certificate Store
Start -> Run -> mmc [enter]
Add the ‘Certificates’ snap-in
When prompted select the ‘Computer Account’
Expand Certificates -> Personal
Right-click -> All Tasks -> Import
OK, now to assign within IIS6
Create a dummy site or use the default site.
Manually assign the certificate to this initial site.
Because you cannot add multiple SSL host headers, you now need to do the following for your remaining sites.
cscript.exe adsutil.vbs set /w3svc/<identifier value>/SecureBindings ":443:<host.header.value>"
…and there you have it, one IP address, one SSL certificate and one big headache out of the way.
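The CSR check above confirms the request carries the alt names, but the signed certificate is what IIS serves; this added example (not part of the original post) checks the signed certificate too and shows that `openssl x509 -req` leaves the SANs out when `-extfile`/`-extensions` are omitted. Assumptions: a throwaway CA in a temp directory, constructed `example.test` host names, and a server key generated separately from the CA key, whereas the post uses `ca.key` for the request, the signing and the PFX export.

```shell
#!/bin/sh
# Added example: every key, name and host here is constructed for the demo.
set -e

# san_list <cert.pem>: DNS SAN entries of a certificate, sorted, space-separated.
san_list() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sort | paste -sd' ' -
}

# build_demo <dir>: throwaway CA, separate server key, SAN CSR, and two signed
# certificates: no_ext.crt (no -extfile) and with_ext.crt (as in the post).
build_demo() {
    d=$1
    cat > "$d/san.cnf" <<'EOF'
[ req ]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[ dn ]
CN = site1.example.test
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = site1.example.test
DNS.2 = site2.example.test
[ v3_ca ]
basicConstraints = critical, CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/san.cnf" \
        -extensions v3_ca -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # The server gets its own key, so the CA key never has to be exported.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/san.cnf" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$d/server.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/no_ext.crt" 2>/dev/null
    openssl x509 -req -days 1 -in "$d/server.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -extfile "$d/san.cnf" \
        -extensions v3_req -out "$d/with_ext.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
echo "signed without -extfile: [$(san_list "$demo_dir/no_ext.crt")]"
echo "signed with -extfile:    [$(san_list "$demo_dir/with_ext.crt")]"
rm -rf "$demo_dir"
```

Running `san_list` against the real `gol-uatnet1.cert` before building the PFX gives the same confirmation for the production certificate.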