Create a Wildcard Server Certificate

  1. Generate a key file (It can be one-off operation)
openssl genrsa -out server/private/server.key 2048
  1. Generate a Certificate Signing Request (CSR)
openssl req -config mid-ca/mid-ca.conf -key server/private/server.key -new -sha256 -out server/csr/server.csr
  1. Sign the request (CSR) by Sub-CA
openssl ca -config mid-ca/mid-ca.conf -extensions server_cert -days 3650 -notext -in server/csr/server.csr -out server/certs/server.crt
  1. Generate PFX with NO password
openssl pkcs12 -inkey server/private/server.key -in server/certs/server.crt -export -out server/certs/server.pfx -passout pass:
  1. Result

Revoke a certificate

openssl ca -config mid-ca/mid-ca.crt -revoke server/certs/server.crt
cat mid-ca/index

See also:

Download from CloudShell