要製作 wildcard CSR 檔案 (Certificate Signing request,憑證簽署要求)
方式跟一般網址一樣
差別在 Common Name 要輸入 *.abcde.com
$ openssl genrsa -out abcde.com.key Generating RSA private key, 2048 bit long modulus .....+++ ........+++ e is 65537 (0x10001) $ openssl req -new -key abcde.com.key -out abcde.com.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:TW State or Province Name (full name) []:Taiwan Locality Name (eg, city) [Default City]:Taipei Organization Name (eg, company) [Default Company Ltd]: 公司英文名稱 Organizational Unit Name (eg, section) []:IT Common Name (eg, your name or your server's hostname) []:*.abcde.com Email Address []: [email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:這樣就有 abcde.com.csr 檔案
即可用這個檔案申請 SSL/TLS 憑證
上面兩個 openssl 命令 也可以用一行命令就直接完成: openssl req -new -newkey rsa:2048 -nodes \ -keyout abcde.com.key -out abcde.com.csr \ -subj /CN=*.abcde.com
