Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I create my own wildcard certificate on Linux?

Tags:

certificate

ssl-certificate

Does anyone know if it's possible to create my own wildcard certificate under Ubuntu? For instance, I want the following domains to use one certificate:

https://a.example.com https://b.example.com https://c.example.com
like image 364
Thierry Lam Avatar asked Nov 30 '09 20:11

Thierry Lam

1 Answers

Just follow one of the many step by step instructions for creating your own certificate with OpenSSL but replace the "Common Name" www.example.com with *.example.com.

Usually you have to keep a bit more money ready to get a certificate for this.

> openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes Country Name (2 letter code) [AU]:DE State or Province Name (full name) [Some-State]:Germany Locality Name (eg, city) []:nameOfYourCity Organization Name (eg, company) [Internet Widgits Pty Ltd]:nameOfYourCompany Organizational Unit Name (eg, section) []:nameOfYourDivision Common Name (eg, YOUR name) []:*.example.com Email Address []:[email protected]

(Sorry, my favorite howto is a german text that I don't have readily available and can't find currently, thus the 'many' links)

Edit in 2017: The original answer to this question is from 2009, when the choice for certificates did not include fully automated and free options like Let's Encrypt. Nowadays (if the "domain-validated" certification level of Let's Encrypt is enough for your purpose) it's trivial to obtain individual certificates for each and every subdomain. In case you need a higher trust level than domain-validated, wildcard certificates are still an option.

Also from 2017, note the comment below, by @ha9u63ar:

According RFC 2818 sec. 3 using CN for host name identification is not recommended anymore (deprecated) Subject Alternative Name (SAN) seems to be the way to go.

My answer to this comment: I trust that nowadays any CAs that issue Wildcard certs will have a proper set of instructions. For a self-signed quick fix, I'd not worry. On the other hand, with LetsEncrypt being around these days, it's been a long time since I've created a self-signed certificate. Gee, this answer really shows its age.

like image 112
Olaf Kock Avatar answered Sep 20 '22 03:09

Olaf Kock
Sign in to Comment

Related questions

How to add certificate chain to keystore?
Connect to a https site with a given p12 certificate
Diference between Certificates in "Login" and "System" for XCode
How can I get a list of trusted root certificates in Java?
Delete certificate from Computer Store
How to check if a file has a digital signature
How to print the public key of a certificate using keytool?
Generate and Sign Certificate Request using pure .net Framework
Export P7b file with all the certificate chain into CER file
Import pfx file into particular certificate store from command line
Are Java code signing certificates the same as SSL certificates?
Should I use iOS Distribution or Apple Distribution certificates for a mobile app?
PKIX path building failed in Java application
How to determine certificate type from file
Convert .cer certificate to .jks
How do I sign a Java applet for use in a browser?
Create CSR using existing private key
cURL error 60: ssl certification issue when attempting to use symfony
How do you fix "code object is not signed at all In subcomponent:" in Xcode 6, Mac OS X Yosemite or Mavericks?
How can I decode a SSL certificate using python?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!