我可以为几个不同的域名创build一个SSL证书:
www1.example.com www2.example.com www3.example.com 但*.example.com不起作用。
如何为.example.com所有子域创build一个SSL证书?
PS这是生成的证书的扩展部分:
X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Alternative Name: DNS:*.example.com
浏览器根本无法通过example.com下的任何子域进行匹配。
这已经有点老了,但我相信这个过程多年来没有改变那么多
mkdir /usr/share/ssl/certs/hostname.domain.com
cd /usr/share/ssl/certs/hostname.domain.com
(umask 077 && touch host.key host.cert host.info host.pem)
openssl genrsa 2048> host.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key host.key> host.cert
… [通用名input* .domain.com] …
openssl x509 -noout -fingerprint -text <host.cert> host.info
cat host.cert host.key> host.pem
chmod 400 host.key host.pem
http://www.justinsamuel.com/2006/03/11/howto-create-a-self-signed-wildcard-ssl-certificate/