The following openssl commands are for OpenSSL v1.1.1 (brew install openssl@1.1).
Create the CSR for a wildcard certificate:
# Using OpenSSL v1.1.1 on MacOS
# Set the Common Name to *.domain.com for a wildcard certificate when prompted for the subject information
# !!! Remember the private key (PEM) password -- you will need it later !!!
openssl req -out csr.csr -new -newkey rsa:2048 -keyout privatekey.key
Create the CSR with the subjectAltName extension (you may not need this):
# Using OpenSSL v1.1.1 on MacOS
# Modify the domains listed before running...
# !!! Remember the private key (PEM) password -- you will need it later !!!
openssl req -out csr.csr -new -newkey rsa:2048 -keyout privatekey.key -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:domain.com,DNS:www.domain.com,DNS:*.domain.com"))
To verify your SANs are included in the CSR:
# This command will print out the CSR so you can validate the SANs are there
openssl req -in csr.csr -noout -text
Once your certificate has been signed, you can create a PFX using the .cer and the .key you generated with the CSR.
Generate the PFX:
# Using OpenSSL v1.1.1 on MacOS
# Enter the private key password when prompted.
openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in certificate.cer
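The script below is an added example, not part of the original instructions. It automates the SAN check on the CSR and confirms that the private key matches the signed certificate before you build the PFX. The function names (csr_has_sans, key_matches_cert, make_sample, demo) are hypothetical helpers; the sample key, CSR and self-signed certificate are constructed throwaway material, and the certificate is assumed to be PEM-encoded.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks around the CSR and PFX steps.
# Domains and file names are constructed placeholders.

# Succeed only if every DNS name passed after the CSR path is in its SAN list.
csr_has_sans() {
  local csr=$1 sans name; shift
  # One "DNS:<name>" token per line, spaces stripped, for exact matching.
  sans=$(openssl req -in "$csr" -noout -text 2>/dev/null |
         grep -A1 'Subject Alternative Name' | tr ',' '\n' | tr -d ' \t')
  for name in "$@"; do
    printf '%s\n' "$sans" | grep -Fxq "DNS:$name" ||
      { echo "missing SAN: $name" >&2; return 1; }
  done
}

# Succeed only if the key and the signed certificate hold the same public key.
# Assumes a PEM certificate. $3 is an optional openssl pass-phrase source;
# prefer env:VAR or file:PATH over pass:..., which shows up in process lists.
key_matches_cert() {
  local key=$1 cert=$2 passin=${3:-} from_key from_cert
  from_key=$(openssl pkey -in "$key" ${passin:+-passin "$passin"} -pubout) || return 2
  from_cert=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
  [ "$from_key" = "$from_cert" ]
}

# Build throwaway sample material in directory $1 (unencrypted keys, demo only).
make_sample() {
  local d=$1 san='subjectAltName=DNS:domain.com,DNS:www.domain.com,DNS:*.domain.com'
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/privatekey.key" \
    -out "$d/csr.csr" -subj '/CN=*.domain.com' -addext "$san" 2>/dev/null &&
  # Self-signing stands in for the CA that would return certificate.cer.
  openssl x509 -req -in "$d/csr.csr" -signkey "$d/privatekey.key" -days 1 \
    -out "$d/certificate.cer" 2>/dev/null &&
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

demo() {
  local d; d=$(mktemp -d) || return 2
  make_sample "$d" || return 2
  csr_has_sans "$d/csr.csr" domain.com www.domain.com '*.domain.com' && echo "SANs present"
  key_matches_cert "$d/privatekey.key" "$d/certificate.cer" && echo "key matches certificate"
  key_matches_cert "$d/other.key" "$d/certificate.cer" || echo "other.key rejected"
  rm -rf "$d"
}
demo
```

With your real files, run csr_has_sans before submitting the CSR and key_matches_cert before the pkcs12 export; a mismatch there means the .cer was issued for a different key than privatekey.key.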