How to create a self-signed wildcard certificate. [cheatsheet]

# Root CA: private key and self-signed certificate (SHA-256 rather than the deprecated SHA-1)
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -sha256 -key rootCA.key -days 3650 -out rootCA.pem

# Site: private key and certificate signing request
openssl genrsa -out SITE.key 2048
openssl req -new -key SITE.key -out SITE.csr

Create a file named SITE.cnf, and put the following inside:

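[req]
req_extensions = v3_req

[v3_req]
# digitalSignature is needed for ECDHE key exchange and TLS 1.3
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 =
DNS.2 = *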


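# Sign the CSR with the root CA; -extensions v3_req applies the v3_req extensions from SITE.cnf
openssl x509 -req -days 9999 -in SITE.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out SITE.crt -extfile SITE.cnf -extensions v3_req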

A great tool for testing the installed certificate:
gnutls-cli --x509cafile rootCA.pem -p [ssl_service_port] [hostname]
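
An offline check of the signing step, as an added example that is not part of the original cheatsheet: it signs one CSR with and without -extensions v3_req and reports whether the wildcard SAN actually landed in the certificate (without that option, openssl x509 skips the v3_req section and issues a certificate with no SAN). The example.test names, the 1-day lifetimes and the function names are constructed for the demonstration; it assumes the openssl CLI is on PATH.

```shell
# Added example: example.test and all file contents are constructed test data.
# Build a throwaway CA, a site key/CSR and the extension file in directory $1.
make_fixture() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Demo Root CA" -keyout "$dir/rootCA.key" -out "$dir/rootCA.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$dir/SITE.key" -out "$dir/SITE.csr" 2>/dev/null
    cat > "$dir/SITE.cnf" <<'EOF'
[req]
req_extensions = v3_req

[v3_req]
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.test
DNS.2 = *.example.test
EOF
}

# Sign the CSR into $1/$2; extra arguments (e.g. -extensions v3_req) are passed through.
sign_site() {
    dir=$1; out=$2; shift 2
    openssl x509 -req -days 1 -sha256 -in "$dir/SITE.csr" -CA "$dir/rootCA.pem" \
        -CAkey "$dir/rootCA.key" -CAcreateserial -out "$dir/$out" \
        -extfile "$dir/SITE.cnf" "$@" 2>/dev/null
}

# Succeeds only if the certificate chains to the CA and carries the wildcard SAN.
check_site() {
    dir=$1; crt=$2
    openssl verify -CAfile "$dir/rootCA.pem" "$dir/$crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/$crt" -noout -text | grep -q 'DNS:\*\.example\.test'
}

d=$(mktemp -d)
make_fixture "$d"
sign_site "$d" no-ext.crt                        # -extfile alone
sign_site "$d" with-ext.crt -extensions v3_req   # section named explicitly
for c in no-ext.crt with-ext.crt; do
    if check_site "$d" "$c"; then echo "$c: SAN present"; else echo "$c: SAN missing"; fi
done
rm -rf "$d"
```

Both certificates pass chain verification, so only inspecting the SAN shows the difference.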
