
@wbs75
Last active August 29, 2015 14:04

Prerequisites

First, install OpenSSL on your server. It is a common package, available on all of the major distros through their package installer. Here is how to check whether it is installed on a "Yum"-style system:

# rpm -qa | grep -i openssl

If it isn't installed, run the following:

# yum install openssl openssl-devel

Generate the RSA key

Create an RSA key for your Apache server. Since every distro differs in where it places certificates, we are just going to put it in an arbitrary spot:

mkdir ~/domain.com.ssl/
cd ~/domain.com.ssl/

Type the following command to generate a 2048-bit private key. The -des3 option encrypts the key with a passphrase, which you will be prompted to set.

openssl genrsa -des3 -out ~/domain.com.ssl/domain.com.key 2048

Create a CSR

Type the following command to create a CSR with the RSA private key (output will be PEM format):

# openssl req -new -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr

When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters are not accepted: < > ~ ! @ # $ % ^ * / \ ( ) ? . , &

DN Field - Explanation. Example:

Common Name - The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com. If you plan on getting a wildcard certificate, make sure to prefix your domain with an asterisk. Example: *.domain.com

Organization - The exact legal name of your organization. Do not abbreviate your organization name. Example: domain.com

Organization Unit - The section of the organization. Example: IT

City or Locality - The city where your organization is legally located. Example: Wellesley Hills

State or Province - The state or province where your organization is legally located. Cannot be abbreviated. Example: Massachusetts

Country - The two-letter ISO abbreviation for your country. Example: US

Note: DO NOT enter anything at the following prompts:

Email Address []:
A challenge password []:
An optional company name []:

Verify your CSR

# openssl req -noout -text -in ~/domain.com.ssl/domain.com.csr
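Beyond reading the text dump, a few checks can be scripted before the CSR goes to a CA: that its self-signature verifies, that it was made from the key you intend to deploy, that the Common Name is the exact hostname, and that the key is at least 2048 bits. The script below is an added example, not part of the original gist; the function names, sample file names and the 2048-bit floor are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the gist): checks to run on a CSR before submitting it.
# Function names, file names and the 2048-bit floor are this example's assumptions.

# Constructed sample: throwaway unencrypted key and CSR using the page's example DN.
make_sample() {
    openssl genrsa -out "$1/sample.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/sample.key" -out "$1/sample.csr" -subj \
        "/C=US/ST=Massachusetts/L=Wellesley Hills/O=domain.com/OU=IT/CN=www.domain.com"
}

# The CSR's self-signature verifies (checks the "verify OK" message itself).
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# The CSR carries the public half of the given private key
# (a key made with -des3 prompts for its passphrase here).
csr_matches_key() (
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
)

# Common Name taken from the CSR subject.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^ *CN *= *//p' | head -n 1
}

# Key size in bits, read from the CSR text dump.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_csr CSR KEY EXPECTED_CN: print each failed check; non-zero if any failed.
check_csr() (
    rc=0
    csr_signature_ok "$1" || { echo "FAIL: self-signature does not verify"; rc=1; }
    csr_matches_key "$1" "$2" || { echo "FAIL: CSR was not made from this key"; rc=1; }
    cn=$(csr_common_name "$1")
    [ "$cn" = "$3" ] || { echo "FAIL: Common Name is '$cn', expected '$3'"; rc=1; }
    bits=$(csr_key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-?} bits, under 2048"; rc=1; }
    exit "$rc"
)

# Usage: sh check_csr.sh domain.com.csr domain.com.key www.domain.com
if [ "$#" -eq 3 ]; then check_csr "$1" "$2" "$3" && echo "CSR OK"; fi
```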

Submit your CSR

From this point, take the CSR you created here and submit it to a certificate authority. The ones we recommend are Verisign, Thawte and RapidSSL. There are also a number of other certificate authorities out there, so shop around.
