How to secure both root domain and wildcard subdomains with one SSL cert?

Posted by Question Overflow on Server Fault See other posts from Server Fault or by Question Overflow
Published on 2012-09-30T07:18:35Z Indexed on 2012/09/30 9:39 UTC
Read the original article Hit count: 263

Filed under:
|
|

I am trying to generate a self-signed SSL certificate to secure both example.com and *.example.com. Looking at the answers to this and this questions, there seems to be an equal number of people agreeing and disagreeing whether this could be done. However, the website from a certification authority seems to suggest that it could be done.

Currently, these are the changes added to my openssl configuration file:

[req]
req_extensions = v3_req

[req_distinguished_name]
commonName = example.com

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.com
DNS.2 = *.example.com

I tried the above configuration and generated a certificate. When navigating to https://example.com, it produces the usual warning that the cert is "self-signed". After acceptance, I navigate to https://abc.example.com and an additional warning is produced, saying that the certificate is only valid for example.com.

The certificate details only listed example.com in the certificate hierarchy with no signs of any wildcard subdomain being present.

I am not sure whether this is due to a misconfiguration or that the common name should have a wildcard or that this could not be done.

© Server Fault or respective owner

Related posts about https

Related posts about openssl