OpenSSL (3) - Wildcard Server Certificate

February 9, 2025

Table of Contents

Create a Wildcard Server Certificate
Revoke a certificate
See also:

Create a Wildcard Server Certificate

Generate a key file (It can be one-off operation)

openssl genrsa -out server/private/server.key 2048

Generate a Certificate Signing Request (CSR)

openssl req -config mid-ca/mid-ca.conf -key server/private/server.key -new -sha256 -out server/csr/XXX.csr

Sign the request (CSR) by Sub-CA

openssl ca -config mid-ca/mid-ca.conf -extensions server_cert_gcs -days 3650 -notext -in server/csr/XXX.csr -out server/certs/XXX.crt

Generate PFX with NO password

openssl pkcs12 -inkey server/private/gcs_server.key -in server/certs/XXX.crt -export -out server/certs/XXX.pfx -passout pass:

Revoke a certificate

openssl ca -config mid-ca/mid-ca.crt -revoke server/certs/XXX.crt
cat mid-ca/index

See also:

Download from CloudShell