Thursday, October 27, 2016

Tutorial wildcard domain SSL TLS certificates

Subject Alternative Name (SAN, including wildcard) TLS certificates are an efficient way to protect multiple domains without having to purchase multiple certificates. Unfortunately, I had to dig quite a bit to figure out how to generate/update one using OpenSSL:

Generate a new key and cert:

Download myconfig.cnf and configure lines 127-150 and 224-230 (the [req] section must have req_extensions = v3_req enabled, otherwise the subjectAltName entries in the [v3_req] section never make it into the CSR), install OpenSSL and then run:

openssl req -new -newkey rsa:4096 -keyout myprivate.key -nodes -extensions v3_req -config myconfig.cnf -out mycert.csr



Update cert (using an existing key):

openssl req -new -key myprivate.key -config myconfig_updated.cnf -out mycert_updated.csr


P.S. The wildcard domain is only single level (e.g. you can't do *.*.example.com)

P.P.S. If you set up your config file with your desired defaults, you can avoid hitting Enter for each prompt by including -batch in your openssl commands above.
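The following script is an added example, not part of the original post or its myconfig.cnf. It walks the same two steps (new key plus CSR, then an updated CSR from the existing key) with a small inline config instead of the downloadable one, and adds the checks worth running before sending a CSR to a CA: that the SAN list in the CSR really contains the wildcard entry, and that the updated CSR carries the same public key as the existing key file. It assumes openssl is on PATH; the example.com names, the 2048-bit key size (the post uses 4096) and the temporary directory are all constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: build a SAN/wildcard CSR from an
# inline config, re-issue a CSR for the same key, and verify both.
# Assumptions: openssl on PATH; names under example.com are placeholders.

WORK="${TMPDIR:-/tmp}/wildcard-csr-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Minimal config. "prompt = no" plays the role of the post's defaults + -batch;
# "req_extensions = v3_req" is what copies subjectAltName into the CSR.
write_config() {   # $1 = output path, $2 = comma-separated SAN list
    cat > "$1" <<EOF
[ req ]
default_bits        = 2048
prompt              = no
distinguished_name  = req_dn
req_extensions      = v3_req

[ req_dn ]
C  = US
O  = Example Org
CN = example.com

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
subjectAltName   = $2
EOF
}

# Step 1: new key and CSR (the post's first command, rsa:2048 for speed)
write_config "$WORK/initial.cnf" "DNS:example.com, DNS:*.example.com"
openssl req -new -newkey rsa:2048 -nodes -batch \
    -keyout "$WORK/myprivate.key" -config "$WORK/initial.cnf" \
    -out "$WORK/mycert.csr" 2>/dev/null

# Step 2: updated CSR re-using the existing key, with an extra wildcard
write_config "$WORK/updated.cnf" \
    "DNS:example.com, DNS:*.example.com, DNS:*.staging.example.com"
openssl req -new -key "$WORK/myprivate.key" -batch \
    -config "$WORK/updated.cnf" -out "$WORK/mycert_updated.csr" 2>/dev/null

# Print the SAN line of a CSR (the line following the SAN header in -text output)
csr_sans() {   # $1 = CSR path
    openssl req -in "$1" -noout -text \
        | awk '/X509v3 Subject Alternative Name/ { getline; sub(/^[ \t]+/, ""); print; exit }'
}

# Return 0 if the CSR lists exactly the given DNS name (e.g. "*.example.com")
csr_has_dns() {   # $1 = CSR path, $2 = DNS name
    csr_sans "$1" | tr ',' '\n' | sed 's/^[ \t]*//' | grep -Fxq "DNS:$2"
}

# Return 0 if the key file and the CSR carry the same public key
csr_matches_key() {   # $1 = key path, $2 = CSR path
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl dgst -sha256)
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage: show both SAN lists and the key check result
echo "initial CSR SANs: $(csr_sans "$WORK/mycert.csr")"
echo "updated CSR SANs: $(csr_sans "$WORK/mycert_updated.csr")"
csr_matches_key "$WORK/myprivate.key" "$WORK/mycert_updated.csr" \
    && echo "updated CSR matches existing key"
```

The key-match check is the one people skip: when a CSR is regenerated from the wrong key file, the CA will still happily sign it, and the resulting certificate is useless on the server that holds the original key. Note that openssl itself encodes whatever DNS entries the config lists, so a multi-level wildcard is rejected by the CA or the client, not by this tool.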
