How to Create CSR for Wildcard SSL with OpenSSL Commands?
Wildcard SSL certificates secure one domain but have the added benefit of securing unlimited sub-domains. To generate every type of SSL certificate, users must generate a Certificate Signing Request (CSR).
To generate Wildcard SSL CSR, the first step is to install OpenSSL if it is not already on the system.
Let’s go through the detailed process to figure out how to create CSR with Openssl for a Wildcard SSL certificate.
What is Wildcard Certificate?
Wildcard SSL certificates are a cost-efficient option to secure a primary domain and its sub-domains. With one Wildcard SSL certificate, the users can secure unlimited sub-domains.
These certificates have a wildcard character (*) in the domain name. These subdomains are connected to the main domain.
For instance, if you use one domain, www.example.com, with a Wildcard SSL certificate, it will also secure type1.example.com, type2.example.com, type3.example.com, and so on.
Steps to Create a Private Key Using OpenSSL Commands
Before creating CSR with Openssl, confirm that the openssl is installed on the system.
Steps To Install OpenSSL on Windows
OpenSSL website: Visit the official website to download OpenSSL.
Follow the Steps: The next steps are simple to understand as they will take you through the process of installing Openssl on the system.
Set Environment Variables: After Openssl is installed, we need to set environment variables for the sessions.
On this, run the following commands;
>set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
>set Path= C:\Program Files\OpenSSL-Win64\bin
Run OpenSSL: Lastly, hit Windows Key plus ‘R’ to open a command prompt and type ‘cmd’ to open a command prompt.
Steps To Install OpenSSL on Mac
- Open Homebrew: On Mac systems, open Homebrew and open the iTerminal.
- Give Commands: Here, type in, brew install OpenSSL.
- Skip Update: At times, Homebrew can get stuck in the update. To skip it, type in HOMEBREW_NO_AUTO_UPDATE=1 brew install OpenSSL.
This will allow you to operate OpenSSL on Mac systems. Followed by this, we need to create Private Keys with OpenSSL.
The process to generate OpenSSL Wildcard certificates begins by creating a private key. This private key is required to secure the connection between the client certificate and the server certificate.
Steps To generate a Private Key Using OpenSSL
openssl genrsa -out rsa.private 1024
With one command, you will have a private key saved on the system with name “rsa.private”
Steps to Create CSR with OpenSSL for Wildcard SSL
OpenSSL is one of the most common methods to create Wildcard certificates. The process for this is simple enough to understand;
- Open Terminal: Begin by opening the OpenSSL terminal on a Windows or macOS system.
- Enter Request: openssl req –new –newkey rsa:2048 –nodes –keyout server.key –out server.csr
After pressing Enter, you will be asked to enter the following details;
- Common Wildcard Name: Enter the complete domain name with an asterisk (*).
- Country Name: Fill in a two-character code for your country. USA becomes US, India becomes IN, Australia becomes AU, etc.
- State and Locality: Enter the name of the state you belong to, followed by the Locality or City name.
- Name of the Organization: Enter the company name, which is the same as the domain name.
- Organizational Unit: Next, enter the organizational section for the company. It can be the IT department, Marketing, etc.
- Enter the company Email Address
- In the last section, leave the password blank.
- Hit Enter: In the last step, check all the details, and hit Enter. With this, you have created a CSR certificate.
Steps to Create Wildcard Certificate CSR in IIS 5,6,7
Microsoft Internet Information Services (IIS) is a source to generate Wildcard CSR. The following instructions will allow you to use IIS for this purpose;
- Open IIS and Select Server: Open IIS Manager from Control Panel’s Administrative Tools. Select the server name (host); this is the host where you wish to generate the CSR.
- Select New Certificate: Move to Server Certificates located in the Security section and click on Create Certificate Request.
- Enter Details: In the next dialog box, enter the details for the Certificate, including Company Name, Organization, Organizational Unit, City/Locality, State/Province, and Country/Region. At the time of entering the domain name, make sure to add an asterisk(*).
- Security Details: In the dialog box, Cryptographic Service Provider Properties, Select Microsoft RSA SChannel Cryptographic Provider, and the Bit Length should be 2048 bit.
- Save CSR and Generate Order: After completing the details, save the CSR on the hard drive with the .txt extension.
- Generate Order: Open the text file and copy all the text. You need to paste the text in the Order Form with a prefix and suffix;
—–BEGIN CERTIFICATE REQUEST—–
And
—–END CERTIFICATE REQUEST—–
Pay the requested amount to generate Wildcard CSR and wait for the confirmation email.
Conclusion
The Certificate Authority requires the CSR form to issue the requested certificate. To create CSR with OpenSSL, we must employ a command prompt on Windows and iTerminal on macOS systems.
The CSR acts as a specific code for the website’s SSL certificate and contains all the information a CA would need to verify and authenticate the website and its owner’s details.