From time to time it is needed to have multiple DNS Names in your Certificate.
First, create a File called machine_ssl.cfg on your vCenter.
[req] default_bits = 2048 prompt = no encrypt_key = no default_keyfile = machine_ssl.key default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] CN=vcsa.benslab.local C=IE ST=Cork L=Cork O=BenediktsLab OU=vSphere65 [ req_ext ] subjectAltName = @alt_names subjectKeyIdentifier = hash keyUsage = digitalSignature, nonRepudiation, keyEncipherment [ alt_names ] email.1 = email@example.com DNS.1 = vcsa.benslab.local DNS.2 = vcsa.test.local DNS.3 = vcsa.home.lab
Now as we have the configuration file we need to create the Certificate Signing Request.
openssl req -new -config machine_ssl.cfg -out machine_ssl.csr
This CSR needs to be signed by the CA and the Machine_SSL Cert can be replaced. If you just want to use the VMCA to sign the Certificate you may find this KB useful.