Home / server / Questions / 396285
Accepted
Xiè Jìléi
Asked: 2012-06-07 17:51:06 +0800 CST

Generating wildcard SSL certificate

  • 772

I can make a single SSL certificate for several different domain names:

www1.example.com
www2.example.com
www3.example.com

But *.example.com doesn't work.

How can I make a single SSL certificate for all sub domains within .example.com?

P.S. Here is the extension part of the generated certificate:

    X509v3 extensions:
        X509v3 Basic Constraints: 
            CA:FALSE
        X509v3 Key Usage: 
            Digital Signature, Non Repudiation, Key Encipherment
        X509v3 Subject Alternative Name: 
            DNS:*.example.com

It's simply not matched by any sub-domain under example.com by the browser.

ssl-certificate

1 Answers

  1. Best Answer

    This is a bit old but I am sure this process has not changed that much over the years

    mkdir /usr/share/ssl/certs/hostname.domain.com
    cd /usr/share/ssl/certs/hostname.domain.com
    (umask 077 && touch host.key host.cert host.info host.pem)
    openssl genrsa 2048 > host.key
    openssl req -new -x509 -nodes -sha1 -days 3650 -key host.key > host.cert
    ...[enter *.domain.com for the Common Name]...
    openssl x509 -noout -fingerprint -text < host.cert > host.info
    cat host.cert host.key > host.pem
    chmod 400 host.key host.pem

    http://www.justinsamuel.com/2006/03/11/howto-create-a-self-signed-wildcard-ssl-certificate/

    • 0