Skip to content

Instantly share code, notes, and snippets.

@Bobsans

Bobsans/create-self-signed-wildcard-certificate.md

Forked from bitoiu/self-signed-wildcard-cert-for-ghes.md
Last active September 9, 2020 16:59
Show Gist options
  • Save Bobsans/950627ae0a23b0318eaea96f0cbb6460 to your computer and use it in GitHub Desktop.
Save Bobsans/950627ae0a23b0318eaea96f0cbb6460 to your computer and use it in GitHub Desktop.
Download ZIP
Self-Signed Wildcard certificate with SAN using openssl
Raw
create-self-signed-wildcard-certificate.md

Copy the default template of openssl.cnf to a writable location.

cp /etc/ssl/openssl.cnf src

Uncomment the req_extensions = v3_req

req_extensions = v3_req # The extensions to add to a certificate request

Add subjectAltName to v3_req section

[ v3_req ]
 
# Extensions to add to a certificate request
 
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

Add the main hostname and the wildcard to a new [alt_names] section

[alt_names]
DNS.1 = yourdomain.com
DNS.2 = *.yourdomain.com

Run the following and fill all the essential information, especially the CN (Common Name):

openssl genrsa -des3 -out hostname.key 2048
openssl rsa -in hostname.key -out hostname-key.pem
openssl req -new -key hostname-key.pem -out hostname-request.csr
openssl x509 -req -extensions v3_req -days 365 -in hostname-request.csr -signkey hostname-key.pem -out hostname-cert.pem -extfile <path to openssl.conf>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment