A wildcard SSL certificate allows you to secure your website domain as well as its subdomains using a single SSL certificate. But every SSL certificate requires a certificate signing request (CSR) for installation. Only when you submit the CSR to the certificate authority (CA) and it is authenticated will you receive the SSL certificate bundle. Generally, people create a CSR for a single domain or subdomain. But if you need to use a wildcard SSL certificate, you will need a CSR for the wildcard name. In this article, we will look at how to create a CSR for a wildcard SSL certificate.
How to Create CSR For Wildcard SSL Certificate
Here are the steps to create a CSR for a wildcard SSL certificate. We will use OpenSSL to generate the CSR for our wildcard certificate. OpenSSL is already installed by default in most Linux distributions and you don’t need to install it separately.
1. Generate CSR for Wildcard certificate
Let us assume you need to create a CSR for a wildcard domain, that is, *.example.com. In other words, we need a single CSR for all subdomains of example.com.
For this purpose, open a terminal and run the following command.
$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
You will see a series of prompts. Enter the required information.
- Common name – Fully qualified domain name of the website you are securing. Since we need a wildcard certificate for all subdomains, use an asterisk (*) in place of the subdomain name, that is, *.example.com
- Organization – Full legal name of your business/company
- Organization Unit (OU) – If applicable, department such as ‘website security’, or use the company name
- City or Locality – Name of the city or locality where your business is located. Do not abbreviate
- State or Province – Name of the state or province where your organization is located. Do not abbreviate
- Country – Two-letter ISO code for the country where your organization is located
You will be asked to enter an optional passphrase field, for additional security. If you do not want to enter a passphrase for your SSL certificate, you can leave this field blank.
That’s it. OpenSSL will generate 2 files:
- server.key – private key required for the SSL certificate. Keep this file secret; only the CSR is submitted to the CA
- server.csr – CSR file for SSL certificate
You can view the CSR file in a text editor.
$ sudo vi server.csr
It will look something like
-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
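The same request can be generated without prompts and checked before it is submitted; the script below is an added example, not part of the original article. It goes beyond the text by also requesting a subjectAltName for the bare domain, because the wildcard name *.example.com does not match example.com itself. Assumptions: OpenSSL 1.1.1 or later (for -addext), placeholder subject values, and hypothetical function names.

```shell
#!/usr/bin/env bash
# Added example. Assumes OpenSSL 1.1.1+ (-addext); subject values are placeholders.

# make_wildcard_csr DOMAIN OUTDIR
# Writes OUTDIR/server.key and OUTDIR/server.csr covering *.DOMAIN and DOMAIN.
make_wildcard_csr() {
    domain=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    # The subshell limits the umask change; the key is created owner-only.
    # -nodes leaves the key unencrypted, so file permissions are its only guard.
    (
        umask 077
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$outdir/server.key" -out "$outdir/server.csr" \
            -subj "/C=US/ST=California/L=San Francisco/O=Example Inc/CN=*.$domain" \
            -addext "subjectAltName=DNS:*.$domain,DNS:$domain" 2>/dev/null
    )
}

# csr_matches_key KEY CSR
# Succeeds only if the CSR's self-signature verifies and it carries KEY's public key.
csr_matches_key() {
    key=$1
    csr=$2
    # Match on the message text: some OpenSSL versions exit 0 on a bad signature.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# csr_san_names CSR
# Prints the DNS names requested in the CSR's subjectAltName, one per line.
csr_san_names() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Usage (paths are examples):
#   make_wildcard_csr example.com ./csr-out
#   csr_matches_key ./csr-out/server.key ./csr-out/server.csr && echo "CSR and key match"
#   csr_san_names ./csr-out/server.csr
```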
2. Install Wildcard SSL Certificate
Once you submit the CSR to your certificate authority (e.g. Norton, Symantec, RapidSSL, etc.) you will be able to download their SSL certificate bundle, or it will be emailed to you. The bundle will contain at least 2 files – the intermediate certificate (RapidSSLCA.crt) and the primary certificate (your_domain_name.crt). In our case, the primary certificate will be example.com.crt
Copy these files to the server where you generated the CSR file above.
Open the Apache configuration file. It will be at one of the following locations, depending on your Linux distribution and type of installation.
$ sudo vi /etc/apache2/httpd.conf
Look for the block starting with <VirtualHost *:443> that listens to port 443, for SSL/HTTPS connections. Add the following lines to it.
<VirtualHost *:443>
    DocumentRoot /var/www/html
    # ServerName takes a single hostname; the wildcard pattern goes in ServerAlias
    ServerName www.example.com
    ServerAlias *.example.com
    SSLEngine on
    SSLCertificateFile /path/to/example.com.crt
    SSLCertificateKeyFile /path/to/server.key
    # Intermediate certificate from the CA bundle
    SSLCertificateChainFile /path/to/RapidSSLCA.crt
</VirtualHost>
Save and close the file. If the above block does not exist in your Apache configuration file, just add it. Update DocumentRoot with the root location of the files for your website.
Restart the Apache server.
$ sudo service apache2 restart
That’s it. Now if you open a web browser and visit https://www.example.com, you will see https displayed in the address bar after the page is loaded. You may also use third-party SSL checkers to check whether the SSL certificate is installed correctly.