Does anyone know if it's possible to create my own wildcard certificate under Ubuntu? For instance, I want the following domains to use one certificate:

https://a.example.com
https://b.example.com
https://c.example.com
+2  A: 

Just follow one of the many step-by-step instructions for creating your own certificate with OpenSSL, but replace the "Common Name" www.example.com with *.example.com.

Usually you have to keep a bit more money ready to get a certificate for this.

> openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Germany
Locality Name (eg, city) []:nameOfYourCity
Organization Name (eg, company) [Internet Widgits Pty Ltd]:nameOfYourCompany
Organizational Unit Name (eg, section) []:nameOfYourDivision
Common Name (eg, YOUR name) []:*.example.com
Email Address []:[email protected]

(Sorry, my favourite howto is a German text that I don't have readily available and can't find currently, thus the 'many' links)

Olaf
Can I run that from any host or just the one where my sites reside?
Thierry Lam
You can use that on any host. But if the request goes to www.example.net while the certificate is for *.example.com (note the net/com difference) you'll get the usual non-matching-certificate warning. However, you can have a number of different machines, one serving www.example.com, another a.example.com, b.example.com etc. and all machines use the same certificate. It breaks only when you access them with a non-matching domain name.
Olaf
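
The steps from the answer and the matching behaviour from the comments, as an added example that is not part of the original answer or comments. It assumes OpenSSL 1.1.1 or newer (for `-addext`); the function names and temporary paths are made up for illustration. It also puts the wildcard into subjectAltName, because current browsers match the hostname against that extension rather than the Common Name, and it checks two names the thread does not mention (the bare domain and a two-level subdomain).

```shell
#!/bin/sh
# Added example: self-signed wildcard certificate, created non-interactively.
# Assumption: OpenSSL 1.1.1+ is installed; helper names are hypothetical.

# make_wildcard_cert DOMAIN DIR -> writes DIR/key.pem and DIR/cert.pem
make_wildcard_cert() {
    domain=$1
    dir=$2
    # umask 077 so the unencrypted private key (-nodes) is owner-readable only.
    ( umask 077
      openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
          -keyout "$dir/key.pem" -out "$dir/cert.pem" \
          -subj "/CN=*.$domain" \
          -addext "subjectAltName=DNS:*.$domain" ) 2>/dev/null
}

# cert_matches CERT HOST -> exit status 0 if CERT is valid for HOST
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q 'does match certificate'
}

workdir=$(mktemp -d)
make_wildcard_cert example.com "$workdir"

# a/b.example.com are covered. The wildcard stands for exactly one label,
# so example.com and a.b.example.com are not; www.example.net is a
# different domain altogether.
for host in a.example.com b.example.com example.com \
            a.b.example.com www.example.net; do
    if cert_matches "$workdir/cert.pem" "$host"; then
        echo "$host: match"
    else
        echo "$host: NO match"
    fi
done
```

To cover the bare domain as well, add it as a second entry, e.g. `subjectAltName=DNS:*.example.com,DNS:example.com`.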