Wildcard SSL certificates

A Wildcard SSL certificate is a type of Digital Certificate that secures a domain and all its subdomains with a single certificate.^[600-developer-tools-security-openssl.md] Instead of requiring separate certificates for each subdomain, a wildcard certificate utilizes an asterisk (e.g., *.example.com) to cover the base domain and an unlimited number of first-level subdomains.

Creation with OpenSSL

To generate a wildcard certificate, tools like OpenSSL are used to create a Certificate Signing Request (CSR). The process involves creating a private key and then generating a CSR that specifies the wildcard domain (Common Name).^[600-developer-tools-security-openssl.md]

A common workflow involves generating a root key (e.g., rootCA.key) and a self-signed root certificate (rootCA.crt) to act as the Certificate Authority (CA), especially for development or testing environments.^[600-developer-tools-security-openssl.md] The specific commands involved typically use openssl genrsa for key generation and openssl req for certificate signing requests.^[600-developer-tools-security-openssl.md]
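The workflow above as one script, added here as an illustration and not taken from the cited source. Assumptions: the domain example.test, the file names wildcard.key/.csr/.ext/.crt, the CA subject "Dev Root CA", the key sizes and lifetimes, and the use of openssl x509 -req for the signing step.

```shell
#!/usr/bin/env bash
# Added example (development/testing only). Everything except rootCA.key and
# rootCA.crt is an assumed name chosen for this illustration.
set -eu

# usage: make_wildcard_cert <out-dir> <domain>
make_wildcard_cert() (
    dir=$1 domain=$2
    mkdir -p "$dir" && cd "$dir"
    umask 077                                  # keys readable by the owner only

    # 1. Root CA: private key plus self-signed certificate
    openssl genrsa -out rootCA.key 4096
    openssl req -x509 -new -key rootCA.key -sha256 -days 365 \
        -subj "/CN=Dev Root CA" -out rootCA.crt

    # 2. Wildcard key and CSR; the Common Name carries the wildcard
    openssl genrsa -out wildcard.key 2048
    openssl req -new -key wildcard.key -subj "/CN=*.${domain}" -out wildcard.csr

    # 3. Extensions applied at signing time. Browsers match on subjectAltName,
    #    not the Common Name, and the wildcard entry matches exactly one label,
    #    so the bare domain is listed as its own entry.
    printf '%s\n' \
        "subjectAltName=DNS:*.${domain},DNS:${domain}" \
        "basicConstraints=CA:FALSE" \
        "keyUsage=digitalSignature,keyEncipherment" \
        "extendedKeyUsage=serverAuth" > wildcard.ext

    # 4. Sign the CSR with the root CA
    openssl x509 -req -in wildcard.csr -CA rootCA.crt -CAkey rootCA.key \
        -CAcreateserial -sha256 -days 90 -extfile wildcard.ext -out wildcard.crt
)

# Print the SAN line of a certificate so the result can be checked
cert_sans() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n1
}

# Run only when called with arguments: ./script.sh ./certs example.test
if [ "$#" -ge 2 ]; then
    make_wildcard_cert "$1" "$2"
    openssl verify -CAfile "$1/rootCA.crt" "$1/wildcard.crt"
    cert_sans "$1/wildcard.crt"
fi
```

Only rootCA.crt is imported into a trust store; rootCA.key stays private, because anyone holding it can issue certificates that every machine trusting this root will accept.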

Environment Setup

While OpenSSL traditionally required manual installation, environments like Windows 10 can use the Bash subsystem or tools like Cmder to run OpenSSL commands efficiently.^[600-developer-tools-security-openssl.md] For the certificates to be trusted by a browser or system, the generated root CA certificate must be imported into the "Trusted Root Certification Authorities" store.^[600-developer-tools-security-openssl.md]

Sources

^[600-developer-tools-security-openssl.md]