1

I have purchased a wildcard SSL certificate from RapidSSL and am trying to set it up. Essentially I want to be able to use it as:

  • example.com

  • app.example.com

  • *.app.example.com

and it'd also be good if I can use it on staging.app.example.com on another server (test server).

I have made it work on app.example.com but it doesn't work on others.

Also, after doing some reading on this and that, I have learnt how it is done on definite routes, but how about wildcard?

senty
  • 135

1 Answer

3

Most CAs will issue either a MultiDomain SSL or a single Wildcard cert.

So you would need (2) Certs to cover those 3 domains.

1) example.com, www.example.com

2) app.example.com, *.app.example.com

staging.app.example.com is covered by *.app.example.com but user.staging.app.example.com is not.

I've suggested using hyphens (-) instead in some cases, such as user-staging.app.example.com

I say most, as you can request these from Digicert and some others.

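Cert 1 generation with OpenSSL:

# Creates a new unencrypted 2048-bit RSA key in example.com.key and prints the CSR (with the SANs below) to stdout
openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout example.com.key -subj "/C=US/ST=Virginia/O=Company Name/OU=Web Security/CN=example.com" -config <(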
cat <<-EOF
[req]
default_bits = 2048
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.com
DNS.2 = www.example.com
EOF
)

Cert 2 generation with OpenSSL:

# Uses its own key file and CN so the key generated for Cert 1 is not overwritten
openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout app.example.com.key -subj "/C=US/ST=Virginia/O=Company Name/OU=Web Security/CN=app.example.com" -config <(
cat <<-EOF
[req]
default_bits = 2048
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = app.example.com
DNS.2 = *.app.example.com
EOF
)
Jacob Evans
  • 8,431
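
The coverage rule stated in the answer above (a wildcard stands for exactly one leftmost label), as an added example that is not part of the original answer. The labels cert1/cert2, the function names, and the RFC 6125-style matching are assumptions made for illustration.

```shell
#!/bin/sh
# SAN lists taken from the two CSRs in the answer; "cert1"/"cert2" are labels made up here.
CERT_SANS='cert1 example.com
cert1 www.example.com
cert2 app.example.com
cert2 *.app.example.com'

# san_matches HOST SAN: succeeds if the SAN entry covers HOST.
# Assumed rule: "*" is only valid as the whole leftmost label and matches exactly one label.
san_matches() {
    _host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _san=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $_san in
        '*.'*)
            _suffix=${_san#\*}                  # e.g. ".app.example.com"
            case $_host in
                *"$_suffix") _label=${_host%"$_suffix"} ;;
                *) return 1 ;;
            esac
            case $_label in
                ''|*.*) return 1 ;;             # empty, or more than one label deep
            esac
            return 0 ;;
        *)  [ "$_host" = "$_san" ] ;;           # non-wildcard SAN: exact match only
    esac
}

# covering_cert HOST: prints the label of the first cert whose SANs cover HOST, or "none".
covering_cert() {
    while read -r _cert _pattern; do
        if san_matches "$1" "$_pattern"; then
            echo "$_cert"
            return 0
        fi
    done <<EOF
$CERT_SANS
EOF
    echo none
}

# Hostnames mentioned in the question and answer.
for h in example.com www.example.com app.example.com staging.app.example.com \
         user.staging.app.example.com user-staging.app.example.com; do
    printf '%-32s %s\n' "$h" "$(covering_cert "$h")"
done
```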