Skip to content

Instantly share code, notes, and snippets.

@sandstrom
Created July 17, 2014 11:00
Show Gist options
  • Star 9 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
  • Save sandstrom/a92a9d384999c659d96a to your computer and use it in GitHub Desktop.
Save sandstrom/a92a9d384999c659d96a to your computer and use it in GitHub Desktop.
Generate a wildcard certificate
# Use this command to generate a wildcard certificate, accepting any hostname and valid for 10 years
#
# This will void any validation of hostnames or domains, but can be useful in cases where some software requires SSL certificates,
# although the environment is already secured by other means (private network, ipsec, etc).
openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout insecure.key -out insecure.crt -config insecure.cnf -days 3650
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = VA
ST = Vatican
L = Vatican
O = The Holy See
CN = *
[v3_req]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:TRUE
subjectAltName = @alt_names
[alt_names]
DNS.1 = *
DNS.2 = *.*
DNS.3 = *.*.*
DNS.4 = *.*.*.*
DNS.5 = *.*.*.*.*
DNS.6 = *.*.*.*.*.*
DNS.7 = *.*.*.*.*.*.*
@oradwell
Copy link

I think you named the config file wrong. It should be insecure.cnf from the bash script you're using.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment