Wildcard Certificate
generate csr and key file
```bash
export DOMAIN="csongyu.xyz"
export PASSCODE="changeit"
openssl genrsa -des3 -passout "pass:${PASSCODE}" -out "${DOMAIN}_private.key" 2048
openssl req -new -key "${DOMAIN}_private.key" -passin "pass:${PASSCODE}" -out "${DOMAIN}.csr" -subj "/C=CN/ST=Beijing/L=Beijing/O=csongyu/OU=csongyu/CN=*.${DOMAIN}"
```
verify the csr
```bash
openssl req -text -noout -verify -in "${DOMAIN}.csr"
```
extract the private key
```bash
# Checks the key's consistency and prints it decrypted; prompts for the passphrase.
openssl rsa -in "${DOMAIN}_private.key" -check
```
SAN Certificate
A SAN (Subject Alternative Name) certificate can carry multiple complete CNs (full host names), listed in the subjectAltName extension.
san.cnf
```
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = CN
stateOrProvinceName = Beijing
localityName = Beijing
organizationName = csongyu
commonName = *.csongyu.xyz
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = www.csongyu.icu
DNS.2 = www.csongyu.tech
```
generate csr and key file
```bash
openssl req -out csongyu.xyz.csr -newkey rsa:2048 -nodes -keyout csongyu.xyz_private.key -config san.cnf
```
verify the csr
```bash
openssl req -text -noout -verify -in "csongyu.xyz.csr" | grep DNS
```
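The san.cnf above sets commonName to *.csongyu.xyz but lists only two other names under alt_names, and clients that follow RFC 6125 match host names against the DNS SAN entries and ignore the CN when such entries are present. The check below is an added example, not part of the original page: it reads `openssl req -text -noout` output and reports whether the CN is also in the SAN list (the function name `check_cn_in_san` and the sample text are constructed here).

```shell
#!/bin/sh
# Reads `openssl req -text -noout` output on stdin.
# Exit status: 0 = CN is among the DNS SANs, 1 = CN missing from the SANs,
#              2 = no CN or no DNS SAN entries found.
check_cn_in_san() {
  text=$(cat)
  # Subject line; accepts both "CN = x" and "CN=x" output styles.
  cn=$(printf '%s\n' "$text" |
    sed -n 's/^ *Subject:.*CN *= *\([^,]*\).*$/\1/p' | head -n 1)
  # The SAN values are on the line following the extension name.
  sans=$(printf '%s\n' "$text" |
    awk '/X509v3 Subject Alternative Name/ { getline; print }' |
    tr ',' '\n' | sed -n 's/^ *DNS://p')
  if [ -z "$cn" ] || [ -z "$sans" ]; then
    echo "no CN or no DNS SAN entries found"
    return 2
  fi
  # -F: fixed string, so the "*" of a wildcard name is literal; -x: whole line.
  if printf '%s\n' "$sans" | grep -Fxq -- "$cn"; then
    echo "CN $cn is listed in the SAN extension"
    return 0
  fi
  echo "CN $cn is NOT in the SAN extension; SAN covers: $(printf '%s\n' "$sans" | tr '\n' ' ')"
  return 1
}

# Constructed sample, modelled on the CSR text for the san.cnf on this page.
SAMPLE='        Subject: C = CN, ST = Beijing, L = Beijing, O = csongyu, CN = *.csongyu.xyz
            X509v3 Subject Alternative Name:
                DNS:www.csongyu.icu, DNS:www.csongyu.tech'

printf '%s\n' "$SAMPLE" | check_cn_in_san || true
```

Against a real CSR: `openssl req -text -noout -in csongyu.xyz.csr | check_cn_in_san`. Adding the wildcard name as a further entry under `[ alt_names ]` makes the check pass.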