How to secure both root domain and wildcard subdomains with one SSL cert?

Posted by Question Overflow on Server Fault
Published on 2012-09-30T07:18:35Z Indexed on 2012/09/30 9:39 UTC

I am trying to generate a self-signed SSL certificate to secure both example.com and *.example.com. Looking at the answers to this and this questions, there seems to be an equal number of people agreeing and disagreeing whether this could be done. However, the website from a certification authority seems to suggest that it could be done.

Currently, these are the changes added to my openssl configuration file:

[req]
req_extensions = v3_req

[req_distinguished_name]
commonName = example.com

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.com
DNS.2 = *.example.com

I tried the above configuration and generated a certificate. When navigating to https://example.com, it produces the usual warning that the cert is "self-signed". After acceptance, I navigate to https://abc.example.com and an additional warning is produced, saying that the certificate is only valid for example.com.

The certificate details only listed example.com in the certificate hierarchy with no signs of any wildcard subdomain being present.

I am not sure whether this is due to a misconfiguration or that the common name should have a wildcard or that this could not be done.
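
The following is an added example, not part of the original post. It assumes the certificate is created directly with `openssl req -x509`, where the extension section is selected by `x509_extensions` (or the `-extensions` option) while `req_extensions` names the section used for certificate requests, and it then lists the SAN entries the resulting certificate actually carries. The file names, helper function names, key size and 30-day validity are assumptions.

```shell
#!/bin/sh
# Added example: build a self-signed cert for example.com and *.example.com,
# then read back the SAN DNS entries that ended up in the certificate.

# make_cert DIR: writes DIR/san.cnf, DIR/key.pem and DIR/cert.pem
make_cert() {
    dir=$1
    cat > "$dir/san.cnf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
prompt = no
# section used when generating a CSR
req_extensions = v3_req
# section used when generating a certificate with `req -x509`
x509_extensions = v3_req

[req_distinguished_name]
commonName = example.com

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.com
DNS.2 = *.example.com
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/san.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# cert_sans CERT: prints one SAN DNS name per line (nothing if no SAN extension)
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# cert_covers CERT NAME: succeeds if NAME is listed verbatim as a SAN DNS entry
# (literal comparison of the listed entry, not wildcard matching)
cert_covers() {
    cert_sans "$1" | grep -Fxq -- "$2"
}

workdir=$(mktemp -d)
make_cert "$workdir"
cert_sans "$workdir/cert.pem"
```

Running `cert_sans` against a certificate that a browser rejects for a subdomain shows whether the wildcard entry is missing from the certificate itself or whether the problem lies elsewhere.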

© Server Fault or respective owner