Last active
October 18, 2018 12:49
-
-
Save mlawrie/4471859 to your computer and use it in GitHub Desktop.
Create an SSL Certificate Signing Request on OSX with wildcard and alternate names
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # First, generate the key. You will be prompted to enter a password, but we will strip it out in the next step: | |
| openssl genrsa -des3 -out server.orig.key 2048 | |
| # Then, stip out the password: | |
| openssl rsa -in server.orig.key -out server.key | |
| # Edit the OSX openssl config file to include your alternate names. | |
| # Edit the 'subjectAltName' field. E.g.: | |
| # | |
| # subjectAltName = "DNS:mydomain.com, DNS:*.beta.mydomain.com" | |
| # | |
| # You should use the wildcard for your primary (Common name) in the next step | |
| # and set at least the root domain as a subjectAltName. This example will | |
| # create a valid certificate for mydomain.com, *.mydomain.com and *.beta.mydomain.com | |
| # If you do not set the root domain (mydomain.com) in this example as an alt name | |
| # visitors will get a security warning when visiting https://mydomain.com, though not | |
| # when visiting https://www.mydomain.com | |
| sudo nano /System/Library/OpenSSL/openssl.cnf | |
| # Generate the CSR: | |
| openssl req -new -key server.key -out server.csr | |
| # This step will require you to enter some information that will appear on the certificate. | |
| # Only the first 4 fields plus the 'Common Name' (your main domain name) is required. | |
| # For a wildcard subdomain, enter *.mydomain.com for the 'Common Name'. Here's an example: | |
| # | |
| # | |
| # Country Name (2 letter code) [AU]:CA | |
| # State or Province Name (full name) [Some-State]:Ontario | |
| # Locality Name (eg, city) []:Toronto | |
| # Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company, Inc. | |
| # Organizational Unit Name (eg, section) []: | |
| # Common Name (eg, YOUR name) []:*.mydomain.com | |
| # Email Address []: | |
| # Finally, Check to see if it's as expected: | |
| openssl req -text -noout -in server.csr | |
| # Once you receive your certificate, you will probably have two or three .crt files. | |
| # You'll probably have to concatenate them together into a single .crt (At least for Heroku or nGinx). | |
| # E.g.: | |
| cat STAR_mydomain_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > bundle.crt | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
this didn't work for me, i got an error that saving the file is not permitted (even with sudo). having trouble installing a wildcard ssl cert to osx server for secure web apps. any suggestions?