Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save sr75/5691305 to your computer and use it in GitHub Desktop.
Save sr75/5691305 to your computer and use it in GitHub Desktop.
create a self signed wildcard ssl cert for testing with nginx.conf example

just change out app_name for your purposes

openssl genrsa 2048 > app_name-wildcard.key

openssl req -new -x509 -nodes -sha1 -days 3650 -key app_name-wildcard.key > app_name-wildcard.cert

# Common Name (eg, your name or your server's hostname) []:*.app_name.com

openssl x509 -noout -fingerprint -text < app_name-wildcard.cert > app_name-wildcard.info

cat app_name-wildcard.cert app_name-wildcard.key > app_name-wildcard.pem

chmod 644 app_name-wildcard.key app_name-wildcard.pem

example nginx conf below

# SSL

server {
  listen 443;
	server_name *.app_name.com;

	ssl                  on;
	ssl_certificate      /etc/nginx/ssl/app_name-wildcard.pem;
	ssl_certificate_key  /etc/nginx/ssl/app_name-wildcard.key;
	ssl_session_timeout  5m;

}
@kcivey
Copy link

kcivey commented Feb 13, 2014

What is the point of generating the .info file? Where is it used?

@minimul
Copy link

minimul commented May 30, 2014

Thanks for sharing. Worked without a hitch.

@iandunn
Copy link

iandunn commented Aug 5, 2017

Looks like this was just copied from a post on blog.celgeek.com. The comments there don't explain why the .info file is generated either.

@jack828
Copy link

jack828 commented Dec 19, 2017

Judging from the guide on IBM's Knowledge Center, the .info file just contains the certificate's information - creating it is not neccessary.

@katlimruiz
Copy link

what if I want naked and wildcard domain?

@devenpateldp
Copy link

I follow same steps.

I am getting error with with yellow mark and exception when open it. I go to certificate view from browser and it show me : This website does not supply ownership information.

so is there any solution??? I wanted to use wildcard domain enter for local service use only.

@progmars
Copy link

I wanted to use wildcard domain enter for local service use only.

And you can use it, but it will not be securely accepted by browsers because it is self signed.
Ownership error can be ignored - it's usually about EV (Extended Validation), which usually costs additional money for real certificates and is certainly not an option at all for self-signed certificates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment