Generating a Self-Signed Wildcard SSL Cert

As I have many domains and services on too many servers, I found it easier to use one shared, self-generated wildcard SSL certificate, for which I’ve added trust keys to client devices.

Here’s just a quick rundown of the steps:

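```bash
mkdir /etc/ssl/andrewklau.com
cd /etc/ssl/andrewklau.com
# Create the key with owner-only permissions from the start
(umask 077; openssl genrsa 2048 > andrewklau.key)
# Lasts for 10 years
# When it asks for Common Name, enter the wildcard *.andrewklau.com
# -sha256: SHA-1 signed certificates are rejected by current clients
# -addext (OpenSSL 1.1.1+): current clients match hostnames against subjectAltName, not Common Name
openssl req -new -x509 -nodes -sha256 -days 3650 -key andrewklau.key \
    -addext "subjectAltName=DNS:*.andrewklau.com" > andrewklau.crt

# Save the fingerprint and a human-readable dump of the certificate
openssl x509 -noout -fingerprint -text < andrewklau.crt > andrewklau.info
# Certificate and private key combined in one file
cat andrewklau.crt andrewklau.key > andrewklau.pem
chmod 400 andrewklau.key andrewklau.pem
```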

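Now back up these files to a centralized location. There should be 4 generated files. The .key and .pem files both contain the private key, so keep the backup location access-restricted.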

Installing it on any other server works the same way as in every other guide out there: you have your .pem, .crt and .key.
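Before copying the files to another server, it is worth confirming that the pair is intact and still usable. The script below is an added example, not part of the original post; the function name `check_pair` and the 30-day default are assumptions chosen for illustration. It checks that the key matches the certificate, that the signature is not SHA-1, that a wildcard subjectAltName entry is present, that the certificate is not about to expire, and that the key file is readable by its owner only.

```bash
#!/bin/sh
# Added example: sanity-check a cert/key pair before deploying it.
# check_pair CRT KEY [MIN_DAYS] returns 0 only if every check passes.
check_pair() {
    crt=$1; key=$2; min_days=${3:-30}; rc=0

    # 1. Certificate and private key must contain the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) \
        || { echo "FAIL: cannot read certificate $crt"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "FAIL: cannot read private key $key"; return 1; }
    [ "$crt_pub" = "$key_pub" ] \
        || { echo "FAIL: private key does not match certificate"; rc=1; }

    text=$(openssl x509 -in "$crt" -noout -text)

    # 2. SHA-1 signatures are rejected by current TLS clients.
    if printf '%s\n' "$text" | grep 'Signature Algorithm' | grep -qi 'sha1'; then
        echo "FAIL: certificate is signed with SHA-1"; rc=1
    fi

    # 3. Look for a wildcard DNS entry in the text dump; clients match
    #    hostnames against subjectAltName rather than the Common Name.
    printf '%s\n' "$text" | grep -q 'DNS:\*\.' \
        || { echo "FAIL: no wildcard subjectAltName entry"; rc=1; }

    # 4. Certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "FAIL: certificate expires within $min_days days"; rc=1; }

    # 5. Key file must carry no group or other permission bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] \
        || { echo "FAIL: $key is accessible to group or others"; rc=1; }

    return $rc
}

# Run directly as: sh check_pair.sh andrewklau.crt andrewklau.key 30
if [ $# -ge 2 ]; then
    check_pair "$@"
fi
```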
