[HOWTO] Create a self-signed cert to use HTTPS with multiple CN and IP

  • I use the well explained method described here:
    Spanish https://magmax.org/blog/creand…ntidad-certificadora-ssl/
    English https://datacenteroverlords.co…sl-certificate-authority/

    more info on: https://support.citrix.com/article/CTX227983

    But I modified some things to use SAN: https://geekflare.com/san-ssl-certificate/

    1 - Create a private key for CA

    openssl genrsa -out rootCA.key 2048

    2 - Self-sign this key for the CA

    openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem

    You generate 3 files on root (I use WinSCP to show files):

    These files must be saved in a safe place and uploaded to your Firefox and Chrome as Authority:

    So you have a trusted, locally self-signed CA cert.

    Now it is time to create one cert per machine, using the previous CA cert to sign:

    First you need to copy req.cnf to root to use later during generation.
    Please edit it as you need:

    As you can see, 3 alternate names are used for my NAS
    DNS.1 = rnas.local
    DNS.2 = rnas
    IP.1 =

    These are Common Names for the same machine, used only on my LAN (on WAN
    you have a CN like myNAS.duckdns.org or something similar)

    Now it is time to generate your key:

    openssl genrsa -out device.key 2048

    Now it is time to generate device.csr:

    openssl req -new -key device.key -out device.csr -config req.cnf -sha256 -nodes

    Now the final step is to generate the self-signed cert with SAN names. To do this:

    openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 1000 -extensions extensions -extfile req.cnf

    and check that everything is correct:

    openssl x509 -in device.crt -text -noout


    Now it is time to load the private key on OMV to use HTTPS:
    use device.key as private key
    and device.crt as certificate:



    Save, go to General settings, and select the saved cert to use as the HTTPS cert:


    And the last step is to wait 2 minutes before testing (because if you test too quickly a warning about time is shown).

    Now you can test several URLs (like DNS.1, DNS.2 and IP.1 in the cnf file)

    eg: https://rnas.local
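
The whole procedure above as one script, including a req.cnf of the kind the post refers to, followed by a check that the issued cert chains to the CA and matches each name. This is an added example, not the original poster's file. Assumptions: the CA subject, the [dn] and [ca_ext] sections (passed to the CA step so it does not depend on the system openssl.cnf), and the documentation address 192.0.2.10 standing in for IP.1.

```shell
# Added example: CA + SAN device cert in a scratch directory, then verification.
# Constructed values: CA subject, [dn]/[ca_ext] sections, 192.0.2.10 (documentation IP).
set -eu

write_req_cnf() {            # $1 = directory that receives req.cnf
  cat > "$1/req.cnf" <<'EOF'
[req]
prompt             = no
distinguished_name = dn

[dn]
CN = rnas.local

[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign

[extensions]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = @alt_names

[alt_names]
DNS.1 = rnas.local
DNS.2 = rnas
IP.1  = 192.0.2.10
EOF
}

build_demo() {               # $1 = working directory; mirrors the steps of the post
  ( cd "$1"
    write_req_cnf .
    openssl genrsa -out rootCA.key 2048 2>/dev/null
    openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem \
        -config req.cnf -extensions ca_ext -subj "/CN=Example Home Lab Root CA"
    openssl genrsa -out device.key 2048 2>/dev/null
    openssl req -new -key device.key -out device.csr -config req.cnf -sha256 -nodes
    openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key \
        -CAcreateserial -out device.crt -days 1000 -sha256 \
        -extensions extensions -extfile req.cnf 2>/dev/null
  )
}

cert_ok() {                  # $1 = dir, $2 = DNS name, $3 = IP; returns 0 only if all pass
  openssl verify -CAfile "$1/rootCA.pem" "$1/device.crt" >/dev/null 2>&1 &&
  openssl x509 -in "$1/device.crt" -noout -checkhost "$2" | grep -q "does match" &&
  openssl x509 -in "$1/device.crt" -noout -checkip "$3" | grep -q "does match"
}
```

After sourcing it, `d=$(mktemp -d); build_demo "$d"; cert_ok "$d" rnas 192.0.2.10 && echo OK` runs the flow. Only rootCA.pem needs to be imported into a browser's authority store; rootCA.key can sign a cert for any name those browsers will then trust, so it stays offline.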

