How to create a self-signed wildcard certificate. [cheatsheet]


openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -sha256 -key rootCA.key -days 3650 -out rootCA.pem

openssl genrsa -out SITE.key 2048
openssl req -new -key SITE.key -out SITE.csr

Create a file named SITE.cnf, and put the following inside:

[req]
req_extensions = v3_req

[v3_req]
# digitalSignature is required for (EC)DHE key exchange and for TLS 1.3
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = domain.com
DNS.2 = *.domain.com

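Finally, sign the CSR with the root CA. The -extensions v3_req option names the section of SITE.cnf to apply; without it, openssl x509 ignores the [v3_req] section and the certificate is issued without the subjectAltName entries:

openssl x509 -req -sha256 -days 9999 -in SITE.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out SITE.crt -extfile SITE.cnf -extensions v3_req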

Great tool to test the installed certificate:
gnutls-cli --x509cafile rootCA.pem -p [ssl_service_port] domain.com
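
The steps above as a non-interactive run with a hostname check at the end (an added example, not part of the original cheatsheet). It uses openssl verify -verify_hostname to show that *.domain.com matches exactly one label, which is why the bare domain.com needs its own DNS.1 entry. The demo.cnf file, the function names, the Demo Root CA subject and the 30-day lifetimes are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: builds a throwaway CA and wildcard certificate, then checks
# which hostnames the certificate covers. Names and lifetimes are constructed.
set -eu

make_demo_pki() {   # $1 = empty working directory
    (
        cd "$1"
        cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_req]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:domain.com, DNS:*.domain.com
EOF
        openssl req -x509 -new -nodes -sha256 -newkey rsa:2048 -days 30 \
            -keyout rootCA.key -out rootCA.pem \
            -config demo.cnf -extensions v3_ca 2>/dev/null
        openssl req -new -nodes -newkey rsa:2048 -subj "/CN=domain.com" \
            -keyout SITE.key -out SITE.csr -config demo.cnf 2>/dev/null
        # -extensions names the section to copy; without it no SAN is issued.
        openssl x509 -req -sha256 -days 30 -in SITE.csr -CA rootCA.pem \
            -CAkey rootCA.key -CAcreateserial -out SITE.crt \
            -extfile demo.cnf -extensions v3_req 2>/dev/null
    )
}

covers() {          # $1 = directory, $2 = hostname; status 0 if chain and name verify
    openssl verify -CAfile "$1/rootCA.pem" -purpose sslserver \
        -verify_hostname "$2" "$1/SITE.crt" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir"
for host in domain.com www.domain.com a.b.domain.com example.org; do
    if covers "$demo_dir" "$host"; then
        echo "$host: covered"
    else
        echo "$host: NOT covered"
    fi
done
```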
