This guide outlines the steps to generate and request a wildcard SAN (Subject Alternative Name) SSL certificate for internal domains (e.g., *.company.local
). If you have subdomains (e.g., *.dev.company.local
), you'll need to prepare a certificate request and get it signed by your organization's certificate authority.
First, create a directory to store your files. Then, generate a private key using the following command:
openssl genrsa -out private.key 2048
Note: The
openssl
command is not available on Windows by default, but you can run it using Git Bash or a similar terminal.
In the same directory, create a configuration file (e.g., san.cnf
). The content of the file can look like this:
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = Common Name (e.g. server FQDN or YOUR name)
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.dev.company.local
DNS.2 = *.test.company.local
You only need to update the lines that start with DNS.
. These lines specify the domain names for which the certificate will be valid. You can add as many domain names as needed by incrementing the number (e.g., DNS.3
, DNS.4
, etc.).
Now, create a certificate signing request using your private key and the configuration file:
openssl req -out sslcert.csr -new -key private.key -nodes -config san.cnf
This command generates a .csr
file, which you can submit to your domain management team to request the certificate signature.
Email the .csr
file to your organization's domain management team (e.g., [email protected]
) with a request to sign the certificate. Typically, you will receive a .cer
file in DER format.
To convert the .cer
file to PEM (Base64 encoded), use the following command:
openssl x509 -inform DER -in certificate.cer -out certificate.crt
Now, you can use the private.key
and certificate.crt
files to enable SSL on your services.
Please use the New Issue button to submit issues, feature requests, or support inquiries directly to me. You can also send an e-mail to [email protected].