I have found this answer, but it doesn't seem to work when trying to create a wildcard certificate.
I have taken the following steps:
New-SelfSignedCertificate -DnsName myhostname01,*.myhostname01 -CertStoreLocation Cert:\LocalMachine\My
(I slightly censored the URL to avoid potentially unsafe situations).
Next, I used the SSL certificate in a binding on my IIS server.
I visited the page in Chrome. As expected, the certificate is marked unsafe.
I saved a local copy of the certificate, and manually added a copy of the certificate to my Chrome trusted CAs. However, the certificate is still not recognized:
The details of the certificate look like this:
Now, the certificates and URL I am visiting and have set up in my hosts file are all the same. There are no spelling errors. My question: am I using New-SelfSignedCertificate wrong? Or am I doing something wrong somewhere else?
The biggest concern with wildcard certificates is that when one server or sub-domain covered by the wildcard is compromised, all sub-domains may be compromised. In other words, the upfront simplicity of the wildcard can create significant problems should things go wrong.
If you want to test/experiment and need a wildcard certificate (SSL certificate), you can create a self-signed wildcard certificate in Windows. On the web server (IIS): New-SelfSignedCertificate -CertStoreLocation "Cert:\LocalMachine\My" -DnsName "*.
CN validation was deprecated for a long time and is finally being phased out; wildcard certificates are also deprecated (RFC 6125) and they too may eventually be phased out.
For anyone else who might arrive at this question clinging onto what's left of their sanity, the answer that ended up working for me was this:
New-SelfSignedCertificate -Subject *.my.domain -DnsName my.domain, *.my.domain -CertStoreLocation Cert:\LocalMachine\My -NotAfter (Get-Date).AddYears(10)
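The full procedure the thread pieces together (create the certificate with both the apex name and the wildcard in the SAN, trust it in the machine Root store so Chrome on Windows accepts it, bind it in IIS, and then check which host names the certificate really covers) as one PowerShell script. This is an added example, not code from the question or any of the answers; the domain "my.domain", the host "app.my.domain" and the site name "Default Web Site" are placeholders, and it assumes an elevated PowerShell on Windows 10 / Server 2016 or later with the IIS WebAdministration module installed.

```powershell
# Added example (not from the original question or answers): self-signed wildcard
# certificate for local IIS testing, trusted machine-wide, bound with SNI, and checked.
# Assumptions: 'my.domain', 'app.my.domain' and 'Default Web Site' are placeholders;
# run as Administrator on Windows 10 / Server 2016 or later.

$domain      = 'my.domain'
$siteName    = 'Default Web Site'
$bindingHost = "app.$domain"

# 1. Create the certificate. Chrome ignores the Subject CN and matches only the
#    Subject Alternative Name, so every name you will browse to must be in -DnsName.
$cert = New-SelfSignedCertificate `
    -Subject "CN=*.$domain" `
    -DnsName $domain, "*.$domain" `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(2)

# 2. Trust it. Chrome and Edge on Windows use the OS certificate store, so importing
#    the public certificate into LocalMachine\Root is what removes the warning.
#    Only the public part is exported; the private key stays in LocalMachine\My.
$cerPath = Join-Path $env:TEMP "$domain.cer"
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 3. Bind it in IIS. SslFlags 1 enables SNI so several host names can share port 443.
Import-Module WebAdministration
if (-not (Get-WebBinding -Name $siteName -Protocol https -HostHeader $bindingHost)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -HostHeader $bindingHost -SslFlags 1
}
(Get-WebBinding -Name $siteName -Protocol https -HostHeader $bindingHost).AddSslCertificate($cert.Thumbprint, 'My')

# 4. Check what the certificate really covers. A wildcard matches exactly one label:
#    '*.my.domain' covers 'app.my.domain' but not 'my.domain' and not 'a.b.my.domain',
#    which is why the apex name has to be listed separately in -DnsName.
function Test-CertCoversHost {
    param(
        [Parameter(Mandatory)] [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $HostName
    )
    foreach ($san in $Certificate.DnsNameList.Unicode) {
        if ($san -eq $HostName) { return $true }          # -eq is case-insensitive, as DNS is
        if ($san.StartsWith('*.')) {
            $suffix = $san.Substring(1)                    # '.my.domain'
            if (-not $HostName.EndsWith($suffix)) { continue }
            $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
            if ($label -ne '' -and -not $label.Contains('.')) { return $true }
        }
    }
    return $false
}

"SAN entries: " + ($cert.DnsNameList.Unicode -join ', ')
foreach ($h in $domain, "app.$domain", "a.b.$domain") {
    "{0,-20} covered: {1}" -f $h, (Test-CertCoversHost -Certificate $cert -HostName $h)
}
```

Run the coverage check against the exact host name you typed into the hosts file and the browser; if it reports `False`, the problem is the name list in the certificate rather than the trust store. Remember that what the script trusts is a self-signed end-entity certificate placed directly in the Root store, which is acceptable for a lab machine but should be removed (`Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $cert.Thumbprint | Remove-Item`) once testing is done.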