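#!/usr/bin/env bash
# Bootstrap a small private CA under ./ca and issue a wildcard certificate
# for DOMAIN (and *.DOMAIN) signed by it.
#
# Usage: DOMAIN=example.com [OPENSSL_CNF_SHA256=<hex>] bash <this-script>
# Requires bash (brace expansion below), curl and openssl. The script is
# interactive: `openssl genrsa -aes256` and `openssl ca` prompt on the tty.
#
# Environment:
#   DOMAIN              domain to issue for (defaults to the TODO value below)
#   OPENSSL_CNF_SHA256  optional SHA-256 of a reviewed openssl.cnf; when set,
#                       the downloaded config must match or the script aborts
set -euo pipefail

# TODO: Replace with your actual domain (or pass DOMAIN in the environment)
export DOMAIN="${DOMAIN:-mydomain.com}"

# Create the directory structure. private/ will hold the CA key, so it is
# owner-only from the start rather than relying on the caller's umask.
mkdir -p ca/{certs,crl,newcerts,private,csr}
chmod 700 ca/private
cd ca

# Create the index and serial files that `openssl ca` maintains
touch index.txt
echo 1000 > serial

# Create the OpenSSL configuration file.
# The config comes from a third-party host over plain HTTP and decides which
# extensions land in the CA and leaf certificates, so it is part of the trust
# chain. -f makes curl fail on an HTTP error instead of saving the error page
# as openssl.cnf; the optional checksum pins a copy that has been reviewed.
readonly config_url="http://obylysk.com/files/tls/config/raw.txt"
curl -fsSL "$config_url" -o openssl.cnf
if [[ -n "${OPENSSL_CNF_SHA256:-}" ]]; then
  # sha256sum is GNU coreutils; on BSD/macOS use `shasum -a 256` instead
  printf '%s  openssl.cnf\n' "$OPENSSL_CNF_SHA256" | sha256sum -c - >/dev/null \
    || { printf 'openssl.cnf does not match OPENSSL_CNF_SHA256; aborting\n' >&2; exit 1; }
else
  printf 'warning: openssl.cnf was downloaded without an integrity check; review it before trusting certificates from this CA\n' >&2
fi

# Set the domain environment variables (consumed by the san_env section of
# openssl.cnf). Quoted so the '*' is never treated as a glob.
export SAN="DNS.1:${DOMAIN},DNS.2:*.${DOMAIN}"

# Create the certificate authority private key (AES-256 encrypted; prompts
# for a passphrase). chmod is explicit in case the openssl build does not
# already create the file owner-only.
openssl genrsa -aes256 -out private/ca.key.pem 4096
chmod 600 private/ca.key.pem

# Create the certificate authority public certificate (self-signed, 7300 days)
openssl req -config openssl.cnf -key private/ca.key.pem -new -x509 \
  -days 7300 -sha256 -extensions v3_ca -out certs/ca.cert.pem

# Create the wildcard domain private key. It is left unencrypted so a server
# can load it without a passphrase; the file mode is its only protection.
openssl genrsa -out "private/wildcard.${DOMAIN}.key" 2048
chmod 600 "private/wildcard.${DOMAIN}.key"

# Create the wildcard certificate signing request
openssl req -config openssl.cnf -new -sha256 -extensions san_env \
  -key "private/wildcard.${DOMAIN}.key" \
  -out "csr/wildcard.${DOMAIN}.csr.pem"

# Sign the wildcard certificate.
# NOTE(review): openssl ca appears to keep only the last -extensions value it
# is given, so server_cert is most likely overridden by san_env here. If both
# sets of extensions are wanted, merge them into one section of openssl.cnf —
# confirm against the downloaded config and the output certificate.
openssl ca -config openssl.cnf -notext -md sha256 \
  -extensions server_cert -extensions san_env \
  -in "csr/wildcard.${DOMAIN}.csr.pem" \
  -out "certs/wildcard.${DOMAIN}.pem"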