Introduction

CAcert offers instructions in their wiki concerning certificates for multiple name-based SSL hosts. The wiki page discusses the alternative options in detail, but I just want to highlight the procedure you need to follow in order to get a usable certificate for your SSL vhosts.

The procedure

Move into a directory where you wish to store your certificates, then download and run the necessary script:

mkdir vhost_ssl
cd vhost_ssl
wget http://guillaume.romagny.free.fr/evaldo/csr.sh
chmod u+x csr.sh
./csr.sh

First enter an identifier for the certificate. This is not related to the server names and you can choose whatever you wish here:

Short Hostname (ie. imap big_srv www2): vhosts

Next comes the name of your primary host as the common name:

FQDN/CommonName (ie. www.example.com) : gunnarwrobel.de

Subsequently you need to enter the alternative host names of all the other vhosts that you wish to handle with this one certificate. Do not forget to provide the common name once again as the first alternative name:

SubjectAltName: DNS: gunnarwrobel.de
SubjectAltName: DNS: torp4.de
...

Finish with one line of empty input. The script will place the certificate request and the private key into your home directory. Move them over to the current directory:
mv ~/vhosts_{csr,privatekey}.pem .
Now all you need to do in order to get the final certificate is either to process the certificate signing request using standard openssl procedures to get a self-signed certificate, or to submit the signing request to your certificate authority of choice, preferably CAcert.
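As an added example (not from the original post and not part of csr.sh), the same kind of multi-name request built with plain openssl and then self-signed. It shows the detail the self-signed route depends on: `openssl x509 -req` does not take the subjectAltName entries from the request by default, so the extension section is passed again with `-extfile`. The file names vhosts_openssl.cnf and vhosts_cert.pem, the RSA key size and the 365-day validity are assumptions.

```shell
#!/bin/sh
# Added example, not part of csr.sh. Names other than vhosts_csr.pem and
# vhosts_privatekey.pem (config file, certificate file) are assumptions.

# Write an openssl config listing every vhost name.
# $1 = common name, remaining arguments = the other vhost names.
write_config() {
    cn=$1; shift
    {
        printf '[req]\ndistinguished_name = dn\nreq_extensions = v3_req\nprompt = no\n'
        printf '[dn]\nCN = %s\n' "$cn"
        printf '[v3_req]\nsubjectAltName = @alt\n[alt]\n'
        i=1
        for name in "$cn" "$@"; do   # common name repeated as first alt name
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > vhosts_openssl.cnf
}

# Create an unencrypted 2048-bit RSA key and the request; umask keeps the key private.
make_csr() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -config vhosts_openssl.cnf \
          -keyout vhosts_privatekey.pem -out vhosts_csr.pem 2>/dev/null )
}

# Self-sign the request. -extfile/-extensions re-apply the SAN section,
# because x509 -req does not take extensions from the request by default.
self_sign() {
    openssl x509 -req -days 365 -in vhosts_csr.pem -signkey vhosts_privatekey.pem \
        -extfile vhosts_openssl.cnf -extensions v3_req -out vhosts_cert.pem 2>/dev/null
}

# Print the DNS names in a request ("req") or certificate ("x509"), one per line.
list_sans() {
    openssl "$1" -in "$2" -noout -text | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Host names taken from the post.
write_config gunnarwrobel.de torp4.de && make_csr && self_sign &&
    list_sans x509 vhosts_cert.pem
```

Running `list_sans req vhosts_csr.pem` before submitting the request to a certificate authority confirms that every vhost name made it into the request.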